Blog
Security

Why protecting cardholder data is good for your business

August 8, 2014
5
min read

More than 800 million computer records with sensitive information have been a part of data breaches in the U.S. since 2005 (privacyrights.org).  Moreover, because many small merchants have minimal security for cardholder data, over 80% of attacks target small businesses.

The PCI Security Standards Council explains that if you are at fault for a security breach, fallout can be as follows:

  • Fines and penalties
  • Termination of ability to accept payment cards
  • Lost confidence, so customers go to other merchants
  • Lost sales
  • Cost of reissuing new payment cards
  • Legal costs, settlements and judgments
  • Fraud losses
  • Higher subsequent costs of compliance
  • Going out of business

As stated by the PCI Council,"Merchant-based vulnerabilities may appear almost anywhere in the card-processing ecosystem including point-of-sale devices; personal computers or servers; wireless hotspots or Web shopping applications; in paper-based storage systems; and unsecured transmission of cardholder data to service providers. Vulnerabilities may even extend to systems operated by service providers and acquirers, which are the financial institutions that initiate and maintain the relationships with merchants that accept payment cards."Some requirements by the PCI Security Standards Council that can enhance security are to maintain a firewall, and protect stored cardholder data:

Maintaining a firewall to protect cardholder data

Firewalls control your computer network’s traffic, allowing you to deny all traffic from untrusted networks and potentially denying criminal attacks. Identify all connections to cardholder data and configure a firewall that allows only the necessary connections.

Protecting stored cardholder data

Cardholder data should only be stored if absolutely necessary. When stored, cardholders trust the merchant to go through precautions to protect sensitive data from criminal attacks. Data storage should be limited to the time required for business purposes. Consider using truncation, index tokens, and securely stored pads to improve your security. In addition, restrict access to cardholder data to a need-to-know basis. Individuals should only be authorized to sensitive data if it is necessary information to perform a job.

To learn more about PCI standards and compliance, visit the PCI Security Standards Council, or give us a call.

Related Articles

Transforming Banking for the Mobile-First Generation
Kubera
April 18, 2024
News
Nuvei Goes Private in Landmark $6.3 Billion Deal
Kubera
April 16, 2024
News
Understanding the AT&T Data Breach: Implications and Next Steps
Kubera
April 12, 2024
Address:
450 Southwest Marine Drive, 18th Floor
Vancouver, BC
V5X 0C3
Contact:
Toll Free: 1 (855) 458-2372
Local: 1 (604) 484-9297
Email: help@kuberapayments.com
HomeBlogContact
Kubera Payments Corporation is a business consulting firm connecting our clients to many different partners and products. Among other partners:

Kubera Payments Corporation is an authorized agent of Ignite Payments, a Fiserv company

Kubera Payments Corporation is an Elavon Payments Partner & Registered MSP/ISO of the Canadian branch of U.S. Bank National Association and Elavon

Kubera Payments Corporation is an authorized agent for Worldline, VersaPay and Authorize.net
Copyright © Kubera Payments Corporation. All rights reserved.
Privacy PolicyTerms And ConditionsCookies Policy