The 2015 Card Security Best Practices for Merchants

Posted by Jayme Moss on May 20, 2015 12:16:10 PM

Credit card securityDid you know most data breaches are completely avoidable with simple card security practices? Verizon confirmed this in a data breach report: 

  • ​97% of breaches were avoidable through simple or intermediate controls
  • 96% of attacks were not “highly difficult”
  • Hackers base target selection on opportunity
So while hackers can’t wait to hit small business, the good news is you don’t need an expensive security overhaul to prevent damage. Let us explain a few simple steps merchants should take to keep your customer’s card information safe and secure:

1. What to Do at Your Physical Location

This is the trickiest of all areas to secure. It’s because it involves humans. And it’s hard to communicate and monitor consistent procedures across many people. The main thing you can do is be consistent with your brand image so your customers know they’re doing business with you. You also want to analyze the risk for both your physical and logical systems.

You’ll have to decide what type of physical security protects your business and customers best. One thing to look for is positioning the PIN entry device so no one can record the PIN as it’s entered. This could also include security cards, cameras, gates, and other measures.

2. Securing Your Terminals

Unfortunately, terminal security comes with a higher price tag. A merchant should do these things to guarantee the security of your terminals for your customers:

  • ​Don’t tag terminal cables if you can. That’s an easy giveaway to criminals. If you must, use a code that doesn’t make identification obvious.
  • Use cable locks if you can. In fact, you may want to go as far as changing cash registers if you can’t. Skimming devices get inserted most easily when a terminal is removed.
  • Take multiple pictures of all terminals. It becomes easier to spot differences in the future when comparing models. 
  • Record the number and type of connections for each terminal, and the style, type, and color for each connector. Or photograph connectors thoroughly.
  • Use an ultra-violet security pen to uniquely identify each terminal.
  • Replace older terminals with PCI PTS-approved ones. 
  • Never allow unannounced service visits or upgrades from any service providers.
  • Always return all old terminals to their authorized dealers. You get both secure disposal and financial efficiency.Clear the operating system and application data from all memory when possible.

By taking these card security steps, you’ll be more secure and stand a greater chance of avoiding criminal acts. That saves your company time and money.

Download the Whitepaper "5 Best Security Practices for Smaller Merchants"

Topics: Card Security