Blog
PCI Security Tips – Tips to Prevent Credit/Debit Card Fraud
Rules for credit card and debit card information security are set forth in the Payment Card Industry Data Security Standards (PCI-DSS), a set of industry regulations. Failure to comply with these standards can result in penalties and increased transaction costs. In additional, stolen credit cards are often used to fund other criminal activity.
As part of maintaining PCI compliance, you should know what to look for and how to respond to possible credit or debit card fraud. Here are some tips to help you keep your company and customer information secure:
Report suspicious activity immediately. If you see unusual behavior in your organization, report it. For example, if someone looks like they are handling the card reader at an ATM or credit card machine, they could be installing a skimmer to steal data from unsuspecting customers. Or, if you see an unidentified individual attempt to tailgate an employee into your building, this should be reported. Even if they are in a courier uniform and carrying heavy boxes, their identity and purpose should be identified.
Report strange computer behavior to your IT team. Many data breaches happen because of an employee clicking on a link or opening an attachment in an email they weren’t expecting. Not paying attention to social engineering cues and failing to report possible phishing or scam attempts can leave your organization susceptible to and at the mercy of hackers. If you suspect you may have been the victim of a phishing attack, the best thing you can do is contact your IT team, or help desk immediately, so they can minimize the affect of a security breach. Don’t wait.
Use strong passwords. If your passwords are weak, you are putting your company at risk of being easily infiltrated by hackers.
Do not send or save sensitive card information on unsecured or unapproved devices. You should not store any sensitive data unless absolutely necessary. If data must be stored, it should be on a very secure, company-approved device. Also, if you need to write down a credit card number on paper for any reason, you should shred it immediately once you’re done using it. Do not just throw it away. Additionally, credit or debit card information should never be sent through unsecured means, such as through email or a publicly used fax machine.
Receipts or imprint machine transactions should be stored or disposed of properly. Paper records can be stolen or compromised, so they must be disposed of properly (such as in a shredding machine), or stored in a secure area, according to your company’s policy.
Employees who do not take care of sensitive information can lead their organizations into fines, increased operating costs, loss of customer confidence, and even more governmental regulation. Do your part to keep sensitive information safe at all times.
The tips included in this message are meant to remind you to keep sensitive information secure. Remember, your organization’s privacy, security, and compliance policies for handling sensitive information should be followed first and foremost.