Nov. 30, 2009
Merchant Warehouse, a provider of merchant accounts and credit card processing solutions, has a plan to keep shoppers' personal and financial information safe and secure this holiday season.
Protecting customer data starts with the IT and physical security practitioners, but restaurant and other retail operators should include a checklist for cashiers on the front line. Here are a few tips from the industry experts to keep consumers safe this shopping season:
Make sure the security software is on. Ensure all systems that access the Internet are protected with anti-malware technology.
Knowledge is power. Conduct awareness training. Awareness of common techniques and an understanding of how to identify malicious content can go a long way toward proactive prevention.
Monitor the networks. Comprehensive monitoring of both the network and the client will help you trend threats, identify weaknesses in your existing enterprise and, if a breach occurs, give you the tools to identify and contain it.
Segment the networks. If you're a merchant bound by the requirements of the PCI security standard, you should be doing this anyway. The idea is to make it so hackers can't access the goods, even if they manage to break into another part of the network.
Bad things in store for those who store. Another basic requirement of PCI security is that companies store as little cardholder data as possible after transactions. The more that's stored, the more damage companies and customers can suffer at the hands of data thieves.
Encrypt it. Verify that your company has an encrypted card reader to ensure PCI compliance and, more importantly, to ensure the bad guys can't use what they steal.
As Ronald Reagan used to say, "Trust but verify." Ensure that the address verification system and card verification values match (i.e., the 3- or 4-digit value in the signature panel).
Verify the signature block. Sure, cashiers get overwhelmed when there's a long line of impatient people in front of them. But an important part of stopping credit card fraud is to check the signature block, particularly if the signature is worn out.
PIN the tail on the transaction. As a rule, PIN debit transactions are more secure (and typically cheaper) than signature-based transactions.