Credit Card Security

I will admit that I personally am not terribly worried about identity theft. I go about my life being prudent but not neurotic.

I am concerned about my client’s exposure to loss by credit card data-breach. Every day we hear of another merchant security problem. Every business must work with their credit card processor to limit their exposure to a loss. The standards are set out in the Payment Card Industry Data Security Standard – a collaborative effort between Visa and MasterCard that has been endorsed by the other card companies.

In short, you must:

-Build and Maintain a Secure Network
-Protect Cardholder Data
-Maintain a Vulnerability Management Program
-Implement Strong Access Control Measures
-Regularly Monitor and Test Networks
-Maintain an Information Security Policy

Failure to follow the standards could result in fines from your card company and enormous liability for breaches.

Details of the security standards can be found at http://usa.visa.com/merchants/risk_management/cisp.html.

Call your card processor and ask, “What do I need to do to limit my liability for security breaches?” Follow their instructions and review at least quarterly.

Most insurance programs will not protect you from a data breach. Your best protection is to follow scrupulously the security programs put in place by the card companies.