Information Security
Payment Card Data Security

Data security is a hot topic. News stories regularly report system hacks and lax data security at retailers and other businesses that jeopardize millions of consumers’ payment card data and personal information. Retailers are not the only businesses at risk; Visa reported 53% of open data compromise cases are related to restaurant payment systems. E-commerce merchants and computer networks are also regularly targeted by hackers seeking critical payment card data. Even paper-based merchants have terminals, receipts, and customer records stolen.
Your customers rely on you to safeguard their payment card data; failure to do so could result in Association fines, legal and financial liabilities, and irreparable damage to your business and reputation. Given this, it’s critical you understand the basics of information security and comply with security mandates that apply to your processing environment.
The Payment Card Industry Data Security Standard:

Visa, MasterCard and other payment card brands have joined together to establish the Payment Card Industry Data Security Standard (PCI DSS). The PCI DSS establishes guidelines for key areas of data security including physical security, access control, computer network security, security policies, and security testing. The PCI DSS applies to all areas of the transaction stream: merchants, payment service providers, and even merchant banks. Meeting the security guidelines set forth by the PCI DSS is mandatory; this means that, per Visa and MasterCard regulations, your business must be in compliance with all applicable PCI DSS requirements.
What are my requirements?

Merchants use a variety of methods to process transactions including basic terminals, computer-based point-of-sale systems, e-commerce shopping carts, and gateways, to name a few. Each processing environment has its own unique security risks and corresponding security compliance requirements.
Humboldt Merchant Services has designed a program to bring your business into compliance with the PCI DSS. We have expert staff to help you determine what steps are required to meet PCI DSS mandates and answer questions you may have. We work closely with SecurityMetrics, a PCI Security Standards Council-approved security provider, to help our merchants implement security measures quickly and cost effectively.

For an evaluation of your processing environment and data storage practices, contact HMS Operations Support at (707) 269-3279. We’ll recommend an appropriate course of action to ensure you meet applicable PCI DSS compliance requirements.
General Compliance Validation Guidelines:

Visa and MasterCard require merchants that meet the Qualifying Events on the chart below to validate compliance with the PCI DSS by completing quarterly vulnerability scans and a self-assessment questionnaire.
Quarterly vulnerability scans are required on all computer systems that handle cardholder data. Scans are performed remotely via the Internet by an Approved Scanning Vendor (ASV). The ASVs run scans similar to the probes launched by hackers to identify vulnerabilities and gain access to unsecured systems. Upon completion of the scan, you will get a report on your systems’ vulnerabilities; it is then your responsibility to fix them. By fixing vulnerabilities before hackers exploit them, you mitigate the risk of unauthorized intrusion into your systems.
The PCI DSS Self-Assessment Questionnaire provides a series of YES/NO questions designed to evaluate your compliance with the PCI DSS. The self-assessment process is simple: questions answered “NO” identify security problems that must be fixed to meet PCI DSS guidelines.
Use the chart below to determine your compliance requirements:
If your business meets any of the qualifying events described above, please contact HMS Operations Support at (707) 269-3279 for additional information. Or, contact our preferred security vendor, SecurityMetrics, at (801) 705-5665 and enroll your business for quarterly scans and online self-assessment. Tell SecurityMetrics you are a Humboldt Merchant Services client and you’ll receive a discount through our preferred pricing arrangement!
Remember, it’s your responsibility to protect your customers’ payment card data: your customers expect it, and your reputation depends on it.
For questions on data security and Humboldt Merchant Services’ program, please contact HMS Operations Support at (707) 269-3279 or send an email to opssupport@hbms.com.
To learn more about these programs, or to get a complete listing of certified vendors, please visit the following websites:
PCI Security Standards Council: More info on the PCI DSS, including copies of the PCI Data Security Standard, Self-Assessment Questionnaire, PCI DSS Security Audit Procedures, Approved Scanning Vendor (ASV) list, and Qualified Security Assessor (QSA) list.

Visa Cardholder Information Security Program (CISP): Info on Visa CISP, including compliance requirements for merchants and service providers and the Payment Applications Best Practices (PABP) program.

Visa Data Security Alerts: Up-to-date alerts on the latest security issues.

MasterCard Site Data Protection Program
Humboldt Merchant Services received recognition from MasterCard for its efforts to comply with MasterCard’s Site Data Protection program. Open this Acrobat document to read the case study prepared by MasterCard.