Merchant's Responsibility in Preventing Credit Card Data Breaches

Posted by Jayme Moss on Jul 14, 2017 9:05:00 AM

In today's commerce climate, there are limitless opportunities for merchants to sell their goods and services. At the same time, there are limitless opportunities for thieves to exploit merchants and consumers. Credit card data breaches at major retailers have made the newswire too many times to count, and when it comes down to it, it is up to the merchant to understand their responsibility for protecting their clients' data when accepting credit cards, and to enforce appropriate security measures.

Going back to the days before the internet, credit card processing consisted of a dedicated terminal and a dedicated POTS line to dial up the processor and approve or decline payment. But in today's connected world, the process is open to more security risk. The direct telephone line has been replaced with shared connections to the internet. Much of the costly hardware has been replaced with software, which is susceptible to hacks. The merchant's responsibility has grown: they must ensure not only that the cardholder data they collect is secure, but also that the systems they use to collect it and the connection they use to transmit it are kept equally secure.

Hardware Security: Merchants need to ensure that whatever hardware device they use to enter credit card information is not physically compromised. Skimmers are an example of this type of hack. These are malicious card readers physically attached to terminals or ATMs that grab data off a credit or debit card's magnetic stripe when consumers swipe their cards. To get the information, the thief has to come back to the compromised machine to retrieve the stolen data, but once it is obtained, they can create cloned cards or break into bank accounts to steal money. Having an EMV/chip-enabled terminal will eliminate this risk for vendors.

Software Security: Accepting card-present payments via software-based applications requires the merchant to ensure that the machine (computer, tablet, phone, etc.) running the application is kept up to date with security patches and antivirus software, and that the connection used to transmit the data is secure. If using an untrusted and unknown public Wi-Fi network to transmit cardholder data results in compromised data, it is on the merchant.

Card Not Present Security: While chip technology has impressively cut card-present fraud, eCommerce is at a higher risk. According to a report on NBC News earlier this year, identity theft in the form of credit card fraud online is spiking, with 2016 seeing a 40 percent jump in Card Not Present fraud. Account Takeover Fraud, where a criminal opens numerous credit card accounts using stolen identities, is up an alarming 61 percent. For merchants who have eCommerce sites or primarily process payments over the phone, it is imperative to stay on high alert for fraudulent activity and to implement technologies such as Solupay's 3D Secure Advanced to safeguard against these attacks.
