In e-commerce merchant services, storing credit card numbers and other sensitive information is a fact of life. When online merchants store customers’ credit card information in a database, the appeal of offering rapid checkouts to please customers frequently outweighs the burden of rigorous security. As credit card processing and merchant services data grow more attractive to internet thieves, complying with industry security standards lowers your risk, protects against potential hacks, and builds confidence that doing business with your site is low risk.
What Is PCI DSS Compliance in Merchant Services?
Protecting account information is critical to keeping data out of the hands of criminals. The PCI DSS, or Payment Card Industry Data Security Standard, is a set of industry-standard merchant services practices that help you stay compliant when handling this sensitive information, any time you accept credit cards or need to store data securely.
Where account numbers are concerned, one of the most important steps any merchant can take is to ensure expiration dates can never be matched to an entire credit card number. Failing that, funds become easily accessible to thieves, so PCI recommends storing only the last four digits, and only if you have a legitimate business reason to hold this information.
In general, storing sensitive data is only smart when you use security measures to render the data unusable to criminals. Data security may include:
- Truncation, only retaining a portion of the data, as in the last four digits of a credit card number
- Encryption, translating data to something unreadable, as in a “secret code”
- Hashing, using an equation to convert sensitive info into seemingly unrelated data
The underlying message here is that if you must collect sensitive credit card data, following PCI DSS guidelines will keep your merchant account safe and your business in compliance. Because credit card processing technology is constantly evolving, keeping your risk profile low takes a bit of tech savvy and ongoing adherence to the Payment Card Industry Data Security Standard (PCI DSS). Here are a few key guidelines, enforced by the major credit card brands, to keep top of mind when you offer your customers the convenience of storing personal credit information.
- Use security software to continuously monitor all servers storing credit card information
- NEVER store prohibited credit card data, including PIN and CVV2 numbers (the 3-digit number on the back panel of a payment card)
- Unless encrypted, expiration dates or full account numbers should NOT be stored
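The truncation and hashing measures and the storage rules listed above, shown as an added example (not code from the original page). It leaves encryption out; the field names, the `storable_record` helper and the choice of HMAC-SHA-256 with a separately held key are assumptions.

```python
import hashlib
import hmac
import secrets


def luhn_valid(pan: str) -> bool:
    """Card-number check digit test; rejects typos before anything is stored."""
    if not pan.isdigit() or not 12 <= len(pan) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def storable_record(checkout: dict, hash_key: bytes) -> dict:
    """Reduce a checkout payload to the fields that may reach the database."""
    pan = checkout["pan"].replace(" ", "").replace("-", "")
    if not luhn_valid(pan):
        raise ValueError("not a valid card number")
    # The record is built from an allow-list, so expiry, CVV2 and PIN are
    # dropped even if the checkout form sent them.
    return {
        "customer_id": checkout["customer_id"],
        # Truncation: only the last four digits survive.
        "last4": pan[-4:],
        # Hashing: keyed (HMAC), because card numbers are short enough that
        # an unkeyed digest can be matched by hashing every candidate number.
        "pan_hmac": hmac.new(hash_key, pan.encode(), hashlib.sha256).hexdigest(),
    }


if __name__ == "__main__":
    # Assumption: in production the key lives in a key manager, not the database.
    key = secrets.token_bytes(32)
    # Constructed sample input using a well-known test card number.
    sample = {"customer_id": 17, "pan": "4111 1111 1111 1111",
              "expiry": "12/30", "cvv2": "123", "pin": "0000"}
    print(storable_record(sample, key))
```

The `pan_hmac` value lets you recognise a returning card without keeping the full number, as long as the key is stored apart from the database.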
Turn to a qualified security assessor on the PCI Security Standards Council website (pcisecuritystandards.org) to get assistance establishing any aspect of data security that’s beyond your technical abilities. Investing in professional security consulting will put you on track to secure payment processing and data storage.
