As an online retailer, you are responsible for protecting your customers' sensitive information, such as credit card numbers.
With the increase in online sales and the ever-present danger of high-tech crimes such as card skimming and hacking, you could be the potential focus of an investigation if your customer's credit card is used fraudulently. This can be time-consuming and expensive, and could result in lawsuits and criminal action if the losses experienced by card companies and financial institutions need to be recovered.
Did you know that businesses accepting fewer than 20,000 transactions in a year are required by Visa to complete an annual PCI Self-Assessment Questionnaire (SAQ), and to have their website and network scanned by an Approved Scanning Vendor?
The global standard for security of credit card information is called the Payment Card Industry Data Security Standard (PCI DSS).
As a merchant accepting credit cards, you are responsible for meeting the terms and conditions of the credit card companies and your bank. As an online merchant you are also required to meet the PCI DSS.
The security of your customers' data generally falls into one of two categories, both of which present security challenges:
Data in transit - covers the transfer of the data from your customer's computer to your website, and from your website to the financial institution. This process is usually covered by Secure Sockets Layer (SSL) certificate technology. SSL certificates can range from $150 - $800 per year depending on your requirements.
Stored data for future use - where data may be saved in a database or file for you to use at a later date. The management of this data is governed by two simple principles:
'Don't store the data unless you absolutely need it' - This is the easiest and best way to ensure your customers' data is not at risk from being saved for a prolonged period. This does not, however, relieve you of your duty to ensure you are within the PCI DSS. Red5 development guidelines mean that code we produce sits in this arena. A credit card number is not saved in your system for any longer than it takes for the transaction to take place.
'If you need to store the data, encrypt it.' - Under this premise, much more work is required to encrypt the data and audit your systems. There are other options if you need to hold a card number to regularly debit different amounts.
The easiest way to meet the basic requirements of PCI DSS is to subscribe to a service such as Comodo's HackerGuardian or McAfee Secure service for quarterly scans. Contact Red5 to find out about pricing for these services and advice on how to ensure your site is secure.