Best Practices

With all the attention on identity theft, online fraud, and other compromised data events, we like to recommend some best practices from time to time that should be of value to our stakeholders.

First, all companies that accept card payments are required to become PCI (payment card industry) compliant by passing an annual self-assessment questionnaire to ensure that sensitive card data is being properly managed and stored. No exceptions. This Card Brand initiative has been the law of the land for over a decade now and failure to complete it will result in monthly non-compliance fees, but even worse, a breach will cause immediate harm to a merchant’s customers as well as possible loss of business.

Secondly, for merchants that have a web-based presence, there are all kinds of phishing scams, malware, and card testing schemes constantly in play. Fortunately, all payment gateways have numerous filters and programs to detect against potentially fraudulent transactions, which can be found here on our site. Even merchants that process in a retail/card present environment have vulnerabilities that can expose card data to fraudsters as exemplified by past hacks of Target, Home Depot, Walmart, Nordstrom, and many others. Restaurants in particular are susceptible to card skimming (by employees, who then sell this profitable data to counterfeiters). The recent EMV initiative has been implemented to address much of this retail type of fraud, but as this chip card initiative becomes more prevalent, we expect to seen more online attempts, so be forewarned!