Protecting Credit Card Information

Large companies have lost large amounts of money lately due to hacker activity. Sony suffered a hiccup when somebody infiltrated their PlayStation 3 database and got hold of their users’ credit card numbers. Sony repaired the error and gave customers 2 free games to download online. Citigroup was also a target for hacking attacks, but unlike Sony, company directors decided to withhold this information from consumers for 3 weeks.

In a world where online purchases are becoming the norm, security is key. You can offer your customers any perk you want, but nobody is going to spend their hard-earned money where strangers can come in and steal their credit card information. Merchants have several choices when it comes to payment applications, so it is always a good idea to go back to the SANS Institute’s list of validated payment applications.

In a PBS Frontline interview, Richard Power, Editorial Director of the Computer Security Institute, says that Visa International only recently came up with a set of guidelines for merchants to follow when doing online transactions. These new regulations focus on unloading more responsibility on the merchant when it comes to customer protection. By industry standards, saving data from credit cards’ magnetic stripes is not allowed.

These are the main steps to ensure customer data security.

  • No saving of sensitive data after the transaction has been authorized. This data includes card verification code, full magnetic stripe, and PIN block data.
  • Protecting cardholder data by masking PIN numbers and having software vendors inform customers of data purging processes.
  • Generation of strong cryptographic keys. Encrypting all information is vital to make it inaccessible to others. The cryptographic material used by previous versions of the payment application must be rendered irretrievable.
  • Provide secure authentication features, such as unique user IDs for each user, and authentication via password, secret question, biometric, or token or smart card.
  • To make passwords more effective, they should be at least 7 characters long, include numbers and letters, and should be changed every 90 days.
  • Limit repeated access attempts by locking out the account after a certain number of login attempts. For added security, automatically log out users after they have been idle for 15 minutes.
  • Log payment application activity to keep track of transactions and make sure that there is no suspicious activity.
  • Never store cardholder data on a server that’s connected to the internet.
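As an added example (not part of the original article), the sketch below shows one way to check the first and seventh steps together: it drops the forbidden fields from a transaction record after authorization and scans application logs for full magnetic stripe images that slipped through. The field names and the sample log lines are constructed for illustration, and the track layouts follow ISO/IEC 7813, which the article does not spell out.

```python
import re

# Track layouts (ISO/IEC 7813): track 1 "%B<PAN>^<name>^<YYMM>...?",
# track 2 ";<PAN>=<YYMM>...?"
TRACK1 = re.compile(r"%B(\d{12,19})\^[^^?]{2,26}\^\d{4}[^?]*\?")
TRACK2 = re.compile(r";(\d{12,19})=\d{4}[^?]*\?")

# Hypothetical field names for data that must not be kept after authorization.
FORBIDDEN_FIELDS = {"cvv", "track_data", "pin_block"}

def luhn_ok(pan: str) -> bool:
    """Luhn checksum; filters out digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask(pan: str) -> str:
    """Keep only the last four digits so the finding itself is safe to log."""
    return "*" * (len(pan) - 4) + pan[-4:]

def scrub_after_authorization(record: dict) -> dict:
    """Return the copy of a transaction record that may be stored."""
    return {k: v for k, v in record.items() if k not in FORBIDDEN_FIELDS}

def find_stripe_data(lines):
    """Return (line_number, track, masked_pan) for each stripe image found."""
    findings = []
    for n, line in enumerate(lines, 1):
        for name, rx in (("track1", TRACK1), ("track2", TRACK2)):
            for m in rx.finditer(line):
                if luhn_ok(m.group(1)):
                    findings.append((n, name, mask(m.group(1))))
    return findings

# Constructed sample log using the public test number 4111111111111111.
SAMPLE_LOG = [
    "2011-06-20 10:01:02 AUTH ok order=1001 amount=19.99",
    "2011-06-20 10:01:03 DEBUG swipe=%B4111111111111111^DOE/JANE^15121010000000000?",
    "2011-06-20 10:01:04 DEBUG t2=;4111111111111111=15121010000000000?",
    "2011-06-20 10:01:05 DEBUG ref=;1234567890123456=99990000?",
]
```

Running `find_stripe_data(SAMPLE_LOG)` flags lines 2 and 3 and skips line 4, whose digit run fails the Luhn check.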

Much of the legislation dealing with Internet traffic and online transactions is still in the process of being created. User guidelines evolve together with the development of new technology. As new glitches are discovered, so are new fixes. By keeping up with the latest in credit card usage and payment applications, consumers and businesses can interact safely.

Comments

  1. JamieGillingham says:

    Something that any reputable business should keep in mind no doubt.

  2. virtual assistant says:

    It is scary how unsecure the internet is, and how many companies have such lax security. I wish there was some sort of standard that companies had to abide by in regards to securing their customers' information.

  3. JamieGillingham says:

    I agree!

  4. chamadi09911118076 says:

    This is an amazing post. I like this post very much and very informative post. All things are described in very beautiful way. I think you should continue to make this type of post.

  5. I’ve been browsing online more than three hours today, yet I never found any interesting article like yours. It’s pretty worth enough for me. In my view, if all webmasters and bloggers made good content as you did, the internet will be a lot more useful than ever before. Small Business Loans