What is PCI Compliance?
Merchant Data Security
The main components of the Payment Card Industry (PCI) Program are listed below. They are basic principles for any merchant who processes credit cards and needs to keep cardholder data secure.
- Build and Maintain a Secure Network
- Protect Cardholder Data
- Maintain a Vulnerability Management Program (e.g. using up-to-date antivirus software)
- Implement Strong Access Control Measures (e.g. restrict data access on a need-to-know basis)
- Regularly Monitor and Test Networks
- Maintain an Information Security Policy
Remember, data security is a continuous process, and maintaining it is crucial for the safety of your business and your customers.
Merchant Tips to Protect and Secure Cardholder Data
Approved Scan Vendor
We are your partner in fraud protection and work with you for the utmost safety of your business and your cardholders. Your customers trust you with their information, so trust your instincts when it comes to credit card fraud.
Because of the increased risk of identity theft in today’s environment, any entity that stores, transmits, or processes consumer credit cards should be PCI compliant.
Signing on with Redstone and our PCI Program assures you access to an Approved Scan Vendor (“ASV”) who will assess your business and alert you to your periodic requirements.
Redstone Payment Solutions will help merchants verify compliance, gain initial compliance, and maintain continued compliance going forward.
Fraud Protection Tips - Card Present
When more than one of the items in the list below is true of a customer during a card-present transaction, fraud might be involved. The customer may:
- Purchase a large amount of merchandise without regard to size, style, color, or price
- Ask no questions on major purchases
- Try to distract or rush you during the sale
- Make purchases and leave the store, but then return to make more purchases
- Make large purchases just after the store’s opening, or as the store is closing
- Refuse free delivery for large items
Fraud Protection Tips - Card Not Present
When more than one of the items in the list below is true during a card-not-present transaction, fraud might be involved.
- First-time shopper
- Larger-than-normal orders
- Orders that include several of the same item
- Orders made up of “big-ticket” items
- “Rush” or “overnight” shipping
- Shipping to an international address
- Transactions with similar account numbers
- Shipping to a single address, but transactions placed on multiple cards
- Multiple transactions on one card over a very short period of time
- Multiple transactions on one card or a similar card with a single billing address, but multiple shipping addresses
- Multiple cards used from a single IP
- Orders from Internet addresses that make use of free e-mail services
Fraud Protection Tips for Protecting the Business at Large
- Empty the mailbox. Never leave outgoing or incoming mail in pick-up boxes overnight
- Send sensitive email sparingly. When sending sensitive information via email, encrypt it first—or don’t send it at all; this includes communication with your credit card processing company
- Make copies carefully. When making copies of sensitive documents, remember to take your originals off the copy machine
- Use the shredder
- Leave discreet voicemail messages
- Protect your onsite ID badges, office keys, and entry codes
- Identify strangers at the office
- Be careful with your documents: Lock sensitive materials in the appropriate file cabinets, desk drawers, etc. when you’re away from your desk
- Avoid sharing any sensitive information over a cell phone, even with your credit card processing company
Further PCI Credit Card Processing Information
For detailed information and the up-to-date processes required for PCI (Payment Card Industry) Data Security, visit these websites.
Visa’s PCI Website
An overview of the program and requirements for compliance.
PCI Security Standards Council
Official website of the council on PCI.
Site Data Protection by MasterCard
An overview of the PCI program from MasterCard’s point-of-view.