We’re heading towards that time of year again when shoppers go crazy for a bargain. What security measures should your business have in place to protect customers’ payment details from the cyber criminals lurking out there?
Black Friday started in the US back in the 1930s before making its way across the Atlantic in recent years and is regarded as the beginning of the Christmas shopping season. Traditionally it takes place on the Friday after Thanksgiving and, with the introduction of Cyber Monday, shoppers are treated to a long weekend of seriously discounted goodies.
In 2015, retailers in the UK saw sales of £3.3bn over the Black Friday/Cyber Monday weekend and this year looks set to be even bigger. But it’s not just shoppers and businesses getting excited. Black Friday and Cyber Monday offer cyber criminals a chance to cash in too, targeting consumers and businesses with the aim of getting their hands on valuable credit and debit card details.
So what can businesses do to protect customers and themselves from cyber attacks? Here are PCI Telecom’s top tips:
Educate your employees. Ensure internal policies are in place for data protection, card handling and sensitive data and make sure that all staff know about them.
Back up your data. Make use of a secure replication server to ensure that all your data is protected in an environment external to your business.
Be careful of email and website downloads and warn employees of the risk too. Ensure you have sufficient firewalls in place to reduce the risk of harmful files making their way onto your system.
Make sure that your ecommerce website is secure. Look into purchasing an EV SSL certificate (Extended Validation SSL certificate), which encrypts and protects information that is being transferred online to prevent it being intercepted by hackers. It also demonstrates to the customer that you take the issue of protecting their data seriously.
Be sure that your business complies with PCI DSS regulations…which is where we come in…
What is PCI DSS and who does it apply to?
The Payment Card Industry Data Security Standard (PCI DSS) is a set of 12 requirements relating to the security of processing, storing or transmitting debit or credit card information. The standard, and its management by the Payment Card Industry Security Standards Council (PCI SSC), were created by the major payment card providers – Visa, MasterCard, American Express, Discover and JCB. PCI DSS compliance applies to ANY business taking credit and debit card payments over the phone or online – large or small. While PCI DSS isn’t a legal requirement, failure to comply can result in a substantial fine and, more seriously, cause irreversible damage to your brand.
About PCI Telecom
PCI Telecom provides an outsourced, fully accredited (Level 1) phone and online card processing platform to descope your business from its PCI DSS responsibilities, leaving you to focus on delivering your product to your customer. Our 3D-secure online payment solution reduces the possibility of fraudulent card use by authenticating the cardholder at the actual time of the transaction and creates a liability shift from your business to the acquiring bank. Our PCI Agent solution means that credit and debit card details can be taken over the phone securely while maintaining a good customer experience. Find out more here.