Tuesday, April 24, 2007
Do you take credit cards?
If you haven't already heard of something called "PCI" or "PCI/DSS", you will before long.
Visa and the other major card brands got together and created a detailed list of information security rules that are a contractual obligation for anyone who handles credit card information.
They've failed miserably at getting the word out, but the standards are already in effect, and if you don't comply then the banks can use that as an excuse to leave you holding the bag for fraud losses.
The Payment Card Industry Data Security Standard is a long checklist, but there's one clear top priority. More than anything else, the banks demand that you never store the three- or four-digit code from the back of the card, or the complete contents of the magnetic stripe on the back. They're not going to be forgiving or let you use workarounds on that.
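As an added example (not from the original post), here is a scan for stored magnetic-stripe contents, the data the post says you must never keep: it looks for the Track 1 and Track 2 layouts and confirms each card number with a Luhn check so random digit runs are ignored. The log lines and the 4111... test card number are constructed; the standalone three- or four-digit code has no distinctive shape, so this only finds stripe data.

```python
import re

# Track 1: %B<PAN>^<NAME>^<YYMM><service code><discretionary>?  (ISO 7813 layout)
TRACK1_RE = re.compile(r'%B(\d{13,19})\^([^^]{2,26})\^(\d{4})(\d{3})([^?]{0,40})\?')
# Track 2: ;<PAN>=<YYMM><service code><discretionary>?
TRACK2_RE = re.compile(r';(\d{13,19})=(\d{4})(\d{3})([^?]{0,40})\?')

# Constructed sample: a POS debug log that leaks raw swipe data on lines 2 and 3.
SAMPLE_LOG = "\n".join([
    "2007-04-24 10:01:02 POS01 sale approved auth=123456 pan=************1111",
    "2007-04-24 10:01:03 POS01 debug raw=%B4111111111111111^DOE/JOHN^2512101000000000?",
    "2007-04-24 10:01:04 POS01 debug raw=;4111111111111111=2512101000000000?",
    "2007-04-24 10:01:05 POS02 sale declined pan=************0000",
])


def luhn_ok(pan: str) -> bool:
    """Luhn check digit validation; true for every real card number."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_track_data(text: str) -> list:
    """Return one finding per stripe fragment, with the PAN masked to its last four digits.

    The report never echoes the full card number, so the scan output itself
    does not become another copy of prohibited data.
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for track, rx in ((1, TRACK1_RE), (2, TRACK2_RE)):
            for m in rx.finditer(line):
                pan = m.group(1)
                if luhn_ok(pan):  # skip digit runs that only look like a track
                    findings.append({"line": lineno, "track": track, "pan_last4": pan[-4:]})
    return findings


if __name__ == "__main__":
    for f in find_track_data(SAMPLE_LOG):
        print(f"line {f['line']}: track {f['track']} data for card ending {f['pan_last4']}")
```

Point it at database exports, application logs and backups; any hit means stripe data is being retained somewhere it must not be.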
The rest of the list is things you should be doing anyway, but you're also supposed to generate paperwork to prove you're doing it. You're also supposed to get periodic security checks. If you're small, you don't have to produce quite as much paperwork as Amazon would have to, but you have to live up to the same standards. Worse, if there's ever a breach at your shop, Visa can put you under the microscope like they would Amazon.
You can hire somebody like me to help, but unless you're midsized you should give serious thought to outsourcing your credit card handling.