As a merchant, you hear a lot of talk about credit card compliance. Aside from avoiding penalty fees, however, you may be wondering why PCI compliance is so important. The reality is that any breach of the data stored in cardholder databases, or any loss of personal data, damages the trust of the whole internet-based buying community, which affects sales all over the world.
The security benefits of successful PCI compliance are essential to the continued development of the merchant community that depends on credit card transactions. Let's review the reasons why PCI compliance is crucial.
What are thieves really looking for?
Simply put, data thieves are after cardholder data, and as much of it as they can get. With this information they can commit fraud when purchasing goods or, in some circumstances, sell the stolen data to make money. If a thief obtains the Primary Account Number (PAN) along with the required identification information, they can steal the cardholder's identity, impersonate the cardholder, and make use of the card's information.
These are the primary kinds of credit card data that thieves want:
PAN
First and Last Names of the Cardholder
Expiration Date
CID (which is not to be kept)
Magnetic stripe information
How did it get stolen, and where did it come from?
As you would expect, the number of places where thieves can steal cardholder data is increasing; however, some might surprise you. In addition to obvious places such as a card reader that has been breached, thieves have successfully stolen sensitive information from:
Paper stored in a filing cabinet
Information in a payment system database
A hidden camera recording authentication information
A secret connection to the store's wireless or wired network
An overheard conversation with a telephone order taker at an establishment or restaurant
What do you need to protect?
It is important to note that the most secure solution is to never store any credit card information whatsoever and instead work with a secure service provider such as VeryGoodSecurity. If you decide to store information, you need to secure the data in some surprisingly obscure locations, such as:
Wireless access routers and networks
Credit card data stored in paper-based records (companies that accept orders by phone are especially vulnerable in this regard)
Software for shopping on the internet
Level 3 payments