Are You Protecting Customers’ Credit and Debit Card Data?
Setnor Byer Insurance & Risk
Information Technology, Risk Management, Identity Theft
It’s hard to ignore the fact that data security breaches seem to be increasing in frequency and severity, particularly those involving credit and debit card data. Just ask Home Depot, Michaels Stores, Neiman Marcus, or their 50+ million customers whose payment card data may have been compromised in 2014. To reduce the chances of making the list in 2015, preventative measures must be taken by every business that accepts credit and debit card payments.
The PCI Security Standards Council developed the Payment Card Industry Data Security Standard (PCI DSS) to encourage and enhance cardholder data security. This standard includes 12 requirements.
Build and Maintain a Secure Network and Systems
  1. Install and maintain a firewall to protect cardholder data.
  2. Do not use defaults for system passwords or security parameters.

Protect Cardholder Data
  3. Protect stored cardholder data.
  4. Encrypt transmission of cardholder data.

Maintain a Vulnerability Management Program
  5. Protect systems against malware and regularly update anti-virus software.
  6. Develop and maintain secure systems and applications.

Implement Strong Access Control Measures
  7. Restrict access to cardholder data to those who need to know.
  8. Identify and authenticate system access.
  9. Restrict physical access to cardholder data.

Regularly Monitor and Test Networks
  10. Track and monitor all access to networks and cardholder data.
  11. Regularly test security systems and processes.

Maintain an Information Security Policy
  12. Maintain a policy that addresses information security for all personnel.

For the full article please visit: http://setnorbyer.com/riskbriefs/post/Are-You-Protecting-Customerse28099-Credit-and-Debit-Card-Data.aspx#post0