Merchants Must Comply With Cardholder Data Security Requirements

With the Internet playing a major role in purchases, computer hackers pose a risk. Hackers are thieves. They cause problems and they can leave merchants holding the bag to face devastating consequences -- not to mention the injury that is done to the consumer whose information is stolen.

Everyone has heard about reputable vendors who have lost their customer’s valuable credit card information. To put it simply, businesses and individuals who make credit card transactions with a merchant expect that their information will be kept private and secure from hackers and individuals on the “inside” who try to steal information for fraudulent purchases.

Visa®, MasterCard and other payment cards such as Diners Club, Discover Card and American Express recognized the need to protect their client’s information. Visa® and MasterCard were the first to create cardholder data security requirements which all merchants must come in compliance with. Diners Club, American Express and Discover Card soon followed their lead and endorsed these standards.

The cardholder data security requirements address issues that will keep credit card records and cardholder data private and secure. To keep this information safe, merchants must build and maintain a secure network, having access-control measures and implement an information security policy. Any merchant who captures, processes or stores credit card data must comply with the cardholder data security requirements.

Some of the cardholder data security requirements which must be met include:

• Credit card data and cardholder data that are stored in a computer system should be protected. With the rise of card not present transactions, if a hacker knows the cardholder’s name, address and expiration date than the thief can go on a shopping spree.
  
• A secure network should be used that has a firewall. The network and firewall should be used, maintained and updated regularly by merchants to protect credit card data.

• Security should be tested regularly and anti-virus software should be maintained and updated regularly.
  
• Transmissions across public networks should be encrypted. Encryption reduces the threat of a hacker obtaining personal information.

• There should be different levels of employee access to credit cardholder data. Each employee who has access to cardholder records should have their own identification and password. Access should be limited and only given to those who “need-to-know.”
  
• A policy should be maintained that address the security of information.

• To read the full cardholder data security requirements you can visit https://sdp.mastercardintl.com/ and http://usa.visa.com/

All merchants are required to be in compliance with cardholder data security requirements. If a business is found to not comply with the standards, or if they fail to rectify a security problem, they can be fined and/or prohibited from accepting certain credit cards.

Years ago, merchant accounts were generally through banks. With the rise and popularity of the Internet, many individuals (especially small businesses) are choosing to go with third-party companies. It is important to keep in mind that fraud is the responsibility of the merchant. You should carefully scrutinize your needs and choose an effective and reputable merchant account.