WHAT COMPANIES CAN DO TO LIMIT THE RISK OF A BREACH

Recent breaches, like Marriott, remind us of the importance of implementing a comprehensive security program that includes focusing on compliance, processes, and mitigating risks. There are steps you can take to limit the risks from cyber attacks and data breaches; educating your employees on what to look for and how to respond is at the top of the list.

One of our banking partners, Elavon, a wholly owned subsidiary of US Bank, recently distributed a security letter of Merchant Requirements for Securing Cardholder Information. See these requirements and more actions you can take to deter data breach risks:

HIGHLIGHTS AND MORE TIPS

Do not store:

  • Full contents from the magnetic stripe on the back of the card
  • Card-validation code (CVV2) (3-digit code on the back of Visa/Mastercard/Discover cards or 4-digit code on the front of Amex cards)

Store securely:

  • Store only that portion of the customer’s account information that is essential to your business (e.g., name, account number, expiration date)
  • Store all material containing sensitive information in a secure area limited to authorized personnel
  • Limit the length of time information is stored to only the amount of time essential to your business (and no more than 2 years)
  • Purge all materials containing cardholder information after that timeframe

Vendors (Software, Payment Gateways, or Other Service Providers):

  • Make sure these agents adhere to all rules and regulations governing cardholder information security. Any violation by your agent may result in unnecessary financial exposure and inconvenience to your business.

Employee Fraud:

  • Perform background checks of employees

Certify your PCI compliance:

  • Certification of your PCI compliance can reduce the likelihood of a data breach and can potentially provide financial assistance in the event a data breach should occur. If you do business with EU citizens, see GDPR regulations and our article here 

Reporting a Security Incident

In the event that transaction data is accessed or retrieved by an unauthorized entity, notify us immediately at support@ascentprocessing.com or 888-721-9301.