Over the next several months, we will be sharing the PCI Council's advice on How to Protect Your Business With These Security Basics.
Security risks are everywhere these days - everyone up and down the chain is affected. At Skurla's Point of Sale Solutions, we take security very seriously - and wanted to share some resources from the PCI Security Council.
This month's topic: Protect Your Card Data and Only Store What You Need
ASK AN EXPERT. Ask your payment terminal vendor or merchant bank where your systems store data and if you can simplify how you process payments. Also ask how to conduct specific transactions (for example, for recurring payments) without storing the card’s security code.
OUTSOURCE. The best way to protect against data breaches is not to store card data at all. Consider outsourcing your card processing to a PCI DSS compliant service provider. See Resources on page 22 of the guide (download below) for lists of compliant service providers.
IF YOU DON’T NEED CARD DATA, DON’T STORE IT. Securely destroy/shred card data you don’t need. If you need to keep paper with sensitive card data, mark through the data with a thick, black marker until it is unreadable and secure the paper in a locked drawer or safe that only a few people have access to.
LIMIT RISK. Rather than accepting payment details via email, ask customers to provide it via phone, fax, or regular mail.
TOKENIZE OR ENCRYPT. Ask your merchant bank if you REALLY need to store that card data. If you do, ask your merchant bank or service provider about encryption or tokenization technologies that make card data useless even if stolen.
For more information on this topic or other point of sale and payment concerns, call us at 907-243-2683. Or fill out the form below and one of our representatives will contact you.