PCI Compliance – Go Beyond What Is Required.
It’s time for a refresher course on good old fashioned computer common sense regarding security of personal or sensitive authentication data. The PCI DSS (payment card industry data security standard) was created by members of the electronic payments industry as a guide to credit card processing and data storage security for merchants. It is not an all encompassing guide to every aspect of your personal computer and internet security. Most of the responsibility of protecting your own personal identification information and other financial or sensitive authentication data rests with you. Don’t concentrate so hard on being PCI compliant with regard to your business that you ignore all of the other aspects of computer and internet security for yourself. In a world where we rely on electronic forms of communication and data storage more and more every day, we need to understand the inherent risks associated with it and take the proper precautions.
If you are a merchant that maintains your PCI compliance requirements per the provisions of the PCI DSS, you are already giving your business and your customers the best protection that you can. That takes care of the obvious business information that cyber criminals and hackers are prowling for, but what about all of your other personal information that you don’t normally consider when thinking about making sure you’re PCI compliant.
Please take some time to go over these basic precautions for your personal data. This is take directly from a Visa Inc. newsletter sent to processors:
“Visa has detected an increase in email ‘phishing’ scams directed toward merchants. These scams utilize fraudulent emails that appear to originate from legitimate financial institutions, transaction processors or other business entities that routinely conduct business with merchants.”
“Through these email scams criminals attempt to convince merchants to provide sensitive information such as merchant account information, passwords, login credentials or other payment transaction information, which can be used by criminals to commit fraud.”
“In most of these email phishing cases, the merchant is asked to click on an internet hyperlink embedded in the email. This link connects to the criminal’s fraudulent website or computer server and may lead to the installation of malicious software (known as ‘malware’) on the merchant’s computer.”
Next week we’ll cover the top 6 warning signs that the email in your inbox has the potential to cause you harm. If your business is not PCI compliant as of now, visit our home page to find out how to become PCI compliant quickly, easily and at no charge.