Fraud Control Basics
VISA® Merchants must take extra care to protect their merchant accounts from internal and external compromises. Data security is greatly the businesses responsibility to make sure that protection is a key part of their policies. All payments, payment acceptance and transaction processing should be protected from outside influences. When customers seek to use a VISA® card, they should expect reliable and honest dealings with the information that they share with the merchant.
The VISA® U.S.A. Inc. Operating Regulations state: Merchants have the responsibility to ensure the customer that there account information integrity is not tampered with, and that it is stored in limited access areas. Merchants are not allowed to store magnetic strip information of any transaction to third parties. The only exceptions are if the information is needed by a merchant bank, card issuer, or third-party processor to complete each sale. A company’s data security policy should be designed to protect your account from unethical employees. This is why account numbers are encrypted during the transaction process.
Equipment such as laptops or devices that can hack into your account should not be allowed in the workplace where banking transactions take place. For security purposes card merchants are provided with encryption software. This type of software is of great concern to companies that use e-commerce. This software is actually required to protect the accounts of customers who conduct transactions online, and must not be able to be accessed by anyone else online. To ensure this protection, the merchant can either use firewalls, such as: encryption, passwords, or store the account data on a computer with no internet access.
The Payment Card Industry (PCI) data security standards are network security and business practice guidelines instituted by VISA®, MasterCard, American Express and Discover Card. The PCI was developed to create a ‘minimum security standard’ with consideration of the protection of the cardholders accounts and transaction information. Any vendor or entity that accepts credit or debit card payments must comply completely with PCI security standards. If they do not, they may be fined a portion of money or permanently expelled from using card acceptance programs.