PROTECTING CARDHOLDER DATA IS GOOD FOR YOUR BUSINESS
PCI and Security
ClearGate is pleased to offer you a simple online service that helps you become compliant with PCI and security requirements. It enables you to process credit cards while helping to minimize your risk of a credit card data breach, thus helping to protect your customers and your business.
As you have witnessed through the news or even personal experience, the protection of credit card data is of the utmost concern. The credit organizations of Visa, MasterCard, American Express, Discover Card and other payment card companies have joined together to create a Payment Card Industry Data Security Standard, also known as PCI DSS.
The first step in reaching compliance is completing the PCI Self-Assessment Questionnaire (SAQ) that we have made available here. Your user ID is your 15- or 16-digit Merchant Number, which can be found on your merchant statement. Your one-time password is the last 5 digits of your merchant ID followed by your capitalized, abbreviated state code. For example, if the last 5 digits of your merchant number are 91307 and your state is California, your password would be 91307CA. After your initial setup, you will create a unique password, and your one-time password will no longer work, so be sure to retain that in your records. If you have any trouble logging into the system, please call our Customer Support Team at 866-779-4787 option #6 or email us at firstname.lastname@example.org. Please include your merchant ID # in any emails. The answers you provide in the SAQ will dictate whether you require additional compliance steps such as quarterly network scanning.
Account processing through an IP or computer network connection may require a computer IT specialist to assist with making sure you are in compliance.
Questions regarding your PCI Insurance Coverage? Click Here
Is ClearGate PCI level 1 compliant?
What is PCI-DSS? Payment Card Industry – Data Security Standards. The PCI-DSS mandates that certain steps be taken by all who accept credit cards to ensure the security of the cardholder information. To review what is required to reach PCI’s DSS compliance, click here.
What is PCI-PA? Payment Card Industry – Payment Application. To check if a PA is validated, click here.
What is PA-DSS? Payment Application – Data Security Standard. These standards mandate that all payment applications (software) be validated by a PCI SSC QSA. To visit the official web site, click here.
What is PCI-SSC? Payment Card Industry – Security Standards Council. For the official PCI website, click here.
What is PCI SSC QSA? Payment Card Industry Security Standards Council Qualified Security Assessor
Cardholder Data Security Breaches
- Websites linked to £500m credit card fraud shut down by police
- Merchants at Greatest Risk For POS Skimming Fraud
- Connecticut BBB Advises Consumers to Monitor Credit Card Activity in Wake of Massive Data Breach
- New Security Flaws Detected in Mobile Devices
- Financial Forgery Laboratory/ ID Theft
- Identity theft and fraud complaints up 19% in 2011
- Bank of America Responds to Breach
- After a Breach: 3 Lessons
- Credit card fraud at gas station now tops 240 victims, $70,000
- TSA agents’ credit card information stolen
- Salon owner sentenced for skimming high-profile customers’ credit card data
- MasterCard: Security Breach Exposes Nearly 14 Million Cardholders’ Data
- Citigroup Hack Gains Access To Customer Data
- Card Not Present, Skimming, Data Breaches Lead Fraud Concerns
- Michaels stores hit by card skimming
- User data stolen in Sony PlayStation Network hack attack: Poorly secured system to remain offline
- ‘Skimming’ devices steal data off credit, ATM cards
- Right off the top: Thieves using devices to ‘skim’ card data from gas pump readers
- Card Skimming Trends for 2011
- Top Ten Data Breaches and Blunders of 2009
- Heartland Payment Systems hacked
- Justice: Hackers steal 40 million credit card numbers
Cardholder Data Security
PCI SSC Data Security Standards Overview
The PCI Security Standards Council offers robust and comprehensive standards and supporting materials to enhance payment card data security. These materials include a framework of specifications, tools, measurements and support resources to help organizations ensure the safe handling of cardholder information at every step. The keystone is the PCI Data Security Standard (PCI DSS), which provides an actionable framework for developing a robust payment card data security process — including prevention, detection and appropriate reaction to security incidents.
Tools to assist organizations in validating their PCI DSS compliance include Self-Assessment Questionnaires. The chart linked here shows some of the tools available to help organizations become PCI DSS-compliant.
For device vendors and manufacturers, the Council provides the PIN Transaction Security (PTS) requirements, which contain a single set of requirements for all personal identification number (PIN) terminals, including POS devices, encrypting PIN pads and unattended payment terminals. A list of approved PIN transaction devices can be accessed here.
To help software vendors and others develop secure payment applications, the Council maintains the Payment Application Data Security Standard (PA-DSS) and a list of Validated Payment Applications.
The Council also provides training to professional firms and individuals so that they can assist organizations with their compliance efforts. The Council maintains public resources such as lists of Qualified Security Assessors (QSAs), Payment Application Qualified Security Assessors (PA-QSAs), and Approved Scanning Vendors (ASVs). Large firms seeking to educate their employees can take advantage of the Internal Security Assessor (ISA) education program.
Visa/Mastercard have determined that 80% of all data breaches are at small businesses, making protection a major priority.
Possible examples of a “Breach” (not all-inclusive):
- Computer hacking
- Dishonest employees stealing card data from files
- The business is burglarized and card data is stolen
- Copies of the sales receipt are not truncated and reflect the expiration date.
Skimming
Skimming is when the credit card is swiped on a device that stores the magnetic strip data from the card for future use, without the card holder’s authorization.