Cardholder Data Security

Credit and debit card fraud is a major issue for everyone when buying online. Every time a card is used to buy something online, over the phone or in a store, the card data is used to verify and validate the payment. We want our purchases to be secure, and free from fraud. The Payment Card Industry (PCI) is there to make sure all card purchases are safe from potential fraud…

Payment Card Industry Data Security Standard

The Payment Card Industry Security Standards Council (PCI SSC – www.pcisecuritystandards.org) is an independent body created by the five major credit card brands – MasterCard, Visa, JCB, Discover and American Express – to oversee and control the data security of all payment cards, worldwide. To do that efficiently and effectively, it set out the Data Security Standard, a set of twelve security requirements for businesses that accept, process, store or transmit card information. The PCI Standard was created to increase the security around cardholder information and reduce the risk of credit card fraud.

Security Requirements

The Payment Card Industry Data Security Standard (PCI DSS) has twelve specific requirements for compliance. These are further organized into six groups called “control objectives”.

  1. Install & maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters
  3. Protect stored cardholder data
  4. Encrypt transmission of cardholder data across public networks
  5. Use and regularly update anti-virus software on all systems
  6. Develop & maintain secure systems and applications
  7. Restrict access to cardholder data by business need-to-know
  8. Assign a unique ID to each person with computer access
  9. Restrict physical access to cardholder data
  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems
  12. Maintain a policy addressing information security

The PCI DSS applies to any company that accepts credit card payments; such companies need to host cardholder data with a secure, PCI-compliant hosting provider. It is a worldwide-accepted set of policies and procedures meant to secure credit, debit and cash card transactions against any misuse of cardholders’ personal information. A company’s compliance with the standard is validated annually. For larger companies, an independent Qualified Security Assessor or an Internal Security Assessor creates the compliance report; companies that handle only small transaction volumes can validate through a Self-Assessment Questionnaire.

 

Increased security for peace of mind

The five major card companies originally created their own security measures to help combat credit card fraud:

  • Discover – Information Security and Compliance
  • JCB – Data Security Program
  • MasterCard – Site Data Protection
  • Visa – Cardholder Information Security Program
  • American Express – Data Security Operating Policy

Each of these security programs was designed to create an extra level of security and protection for the card issuers by making sure that merchants met the minimum standards of security when they swipe a card or use the card data. Once the PCI SSC was formed, all five card companies aligned their policies to create the Payment Card Industry Data Security Standard. Now, with all this added security, making an online purchase is safer than it has ever been.
