How to Better Protect Customer Card Data

Merchants can better protect customer card data by overseeing who has access to such information, maintaining PCI compliance, and adopting EMV technology.
December 08, 2017

Every merchant knows it’s important to keep their customers’ data protected from hackers and thieves. With all of the data breaches we often hear about in the news, the last thing a business owner would want is to put his or her customers’ information in jeopardy and risk losing their trust. However, that doesn’t mean merchants take all the necessary steps to secure their data. Merchants often already feel like their systems are safe, or are sometimes unaware of enhanced security measures they can take.

A 2014 survey by audit, consulting, tax, and advisory services company Deloitte, which covered 70 consumer product industry executives and senior managers and 2,001 adult consumers in the United States, shows that professionals and consumers are not on the same page when it comes to data protection.

“Fifty percent of the executives we surveyed thought that many consumer product companies are ‘adequately’ protecting consumer information; only 37 percent of the consumers we surveyed thought the same,” it states.

As a result, merchants should make protecting customer card data a top priority. Here are just a few ways to do so:

Oversee Who Has Access

By limiting who exactly has access to your business’ confidential information, and thoroughly monitoring those people, you could decrease the likelihood of unauthorized use. This includes employees and any third-party providers.

While this may seem like an obvious suggestion, you’d be surprised how few companies take this into consideration. In fact, the aforementioned survey also reveals that “restricting access to consumer data by business need to know” and “tracking and monitoring all access to consumer data” are policies a good portion of companies do not adhere to.

Follow PCI Standards

One of the six objectives of the Payment Card Industry Data Security Standard (PCI DSS) specifically states: “protect consumer cardholder data.” The PCI Security Standards Council provides some guidelines on how to do this, which include understanding the transaction process and where a customer’s card data goes, verifying the payment terminals used, and following personal identification number (PIN) and entry data security regulations. Another recommendation involves using “strong cryptography to render unreadable cardholder data that you store, and use other layered security technologies to minimize the risk of exploits by criminals.”

Adopt EMV Technology

Europay Mastercard Visa, more commonly referred to as EMV, aims to reduce fraudulent card activity in stores. Many consumers now own EMV cards and use them to make purchases.

Rather than swiping their cards at checkout, consumers insert them into credit card processing terminals. This equipment reads the embedded microchip on each card, which contains encrypted information, and produces a different code each time it’s used. Merchants who have not yet upgraded to EMV-enabled terminals and POS systems, such as the Clover Station, should consider doing so in order to enable consumers to utilize this technology.

Stay Informed on Ways Hackers Steal Information

The Deloitte survey also explains how few consumer product companies inquire about new tactics hackers use to steal consumer card data.

“Expect attackers to be creative and breaches to occur, and plan to have multiple layers of protection to render some breaches ‘harmless,’” it states.

Doing so keeps you one step ahead of them, and gives you time to figure out ways to hinder their efforts before they even make an attempt—being proactive, rather than reactive.


For additional information please call MerchantPro Express at 888-333-1374 or email info@merchantproexpress.com.
