Learning the Basics of PCI Compliance


Proper adherence to PCI compliance guidelines protects your business. This article discusses the basics of PCI compliance for high risk merchants.

What is PCI Compliance?

The Payment Card Industry Data Security Standard, commonly known as PCI-DSS, provides a framework that all entities handling card information or other sensitive personal details can follow to become compliant in terms of security.

When high risk merchants work together with payment processing service providers within the rules of the PCI framework, the risk of cyber-attacks and data theft can be significantly reduced, keeping your business safe and protecting your payment processing accounts.

Security Data Breaches Impact Your Business

High risk merchants, like all businesses, are at risk for payment processing security breaches. The costs associated with data breaches, combined with the pervasiveness of internet payment processing, have made the prevention of such events a priority.

One of the most recent studies on the current state of PCI compliance suggests that there is a gap between the required and the actual level of data security.  But, there is some hope that the gap is gradually closing.

Verizon’s 2015 report states that during 2014, the number of companies that became PCI compliant doubled compared with the previous year. However, only 29% of those that become compliant will complete subsequent annual evaluations.

Even though the use of enhanced authentication is becoming common, the overall security level of high risk merchants handling sensitive payment processing data is still low. One only needs to look at the frequency with which high profile data breaches have occurred in the past year, both for standard and high risk merchants, to confirm this.

The extensive cyber security research carried out by Verizon since 2009 showed that there is a clear correlation between low security standards and being targeted by cybercriminals.

Basic PCI Protection Measures

The PCI standard includes a series of recommended measures that any business or payment processing service provider needs to implement in order to avoid data breaches.

  • Protect cardholder data by installing and maintaining a firewall
  • Use encryption when card information is transmitted across open, public networks
  • Use up-to-date virus protection
  • Focus on achieving the maximum security for your applications
  • Restrict access of individuals to card information
  • Keep a record of all individuals that have access to card information
  • Create and maintain a security policy for employees and contractors

Costs of Data Breaches

It may seem unnecessary, particularly for small to medium sized businesses and organizations, to implement and maintain security measures.  Yet, the costs associated with potential data breaches make PCI-DSS worth the effort.

While evaluating the consequences of data breaches is a challenge in itself, a benchmark study released by the Ponemon Institute together with IBM estimates that the cost of a single data breach in 2014 increased by 23% compared with the previous year, reaching a figure of $3.8 million, with each lost or stolen record causing a loss of around $154.

Conclusion

No high risk merchant, big or small, can be protected from data breaches through means other than appropriate security. In a world where cybercrime is almost impossible to control, applying and maintaining PCI security measures should be everybody’s priority.


How can you prevent payment processing fraud and safeguard your business?

Fraudulent Payments Cost You Money

Fraud is among the most closely monitored and studied phenomena within the payment industry. This focus results from the huge losses that fraud produces for all parties involved. Fraud continues to be frustratingly difficult to beat in spite of the best efforts to eradicate it.

Today, the prospect of the total elimination of fraud from the ecommerce environment seems to be more distant than ever. High risk merchants have always been aware of potential losses from fraud. And now mainstream businesses have the same concerns.

Incidence of Fraud

The most recent statistics on the prevalence of card fraud confirm the fact that the efforts being made are insufficient. According to the Nilson Report, global fraud losses reached $16.31 billion in 2014, will continue to rise, and are expected to exceed $35 billion in 2020. In 2014, card issuers covered around 62% of these losses, while merchants were liable for the remaining 38%.

The report also reveals that the United States generated about 21.7% of the total ecommerce volume, but it suffered losses amounting to $7.86 billion, that is 48.2% of the total global amount. This percentage gap between ecommerce volume and fraud losses is made possible by the lack of EMV technology, which protects against counterfeiting.

Chargebacks are a big issue for you as well. “Friendly fraud” is increasingly common as deceitful shoppers dispute legitimate transactions in order to get products or services for free.

Buyers call their issuing bank and initiate chargebacks. Most of the time, the issuing bank will side with their customer against you as the merchant. And your profits go up in smoke.

How Do Cards Get Stolen?

Cyber-crooks use a variety of means, both high-tech and low-tech, to get their hands on card information. Sometimes, card data is compromised through the hacking of point-of-sale systems. Online merchants can have their database compromised, leading to a leakage of sensitive card information.

Skimming devices installed at ATMs or gas pumps harvest card information, such as card number and PIN. It is quite common for individuals to lose their private information when malware is surreptitiously installed on their computers. At times, a restaurant employee will use a device to copy the card information and use it illegally.

Last but not least, data breaches at payment processors and large retailers that store card details will supply criminals with plenty of opportunities to commit fraud.

How to Protect Yourself from Fraud

The FTC offers some useful advice on how to reduce the risk of becoming a victim of fraud.

  • Offer card information over the phone only to trustworthy companies
  • Do not carry all your cards in your wallet at all times
  • When making a payment, pay attention to how the employee handles your card
  • Keep track of your payments by checking your bank statement as often as possible
  • If you notice an unauthorized charge, notify your issuer immediately
  • Inform your issuer if you changed your address or if you travel

Conclusion

Understanding how fraud occurs and what one can do to prevent it can make a real difference, since increased awareness among both customers and merchants is an important component of any long-term fraud prevention strategy. There are many good weapons against fraud you can implement to protect your business.
