A joint news release was issued just a few days ago from Visa, Mastercard, American Express, Diners Club, JCB and Discover outlining what businesses need to do to secure cardholder data. This brief article is applicable for all businesses and is a very easy to follow, guide to protecting cardholder information.<\/p>\n
What makes this short guide very good, is that any one can understand it.<\/p>\n
TO: <\/strong>All Merchants The rising incidence of stolen cardholder account data is a major concern for all participants in the payment industry. As a result of these thefts, merchants and financial institutions suffer fraud losses and unanticipated operational expenses, and consumers are inconvenienced significantly. To protect your business, your customers (cardholders), and the integrity of the payment system, each of the card companies has in place a set of requirements governing the safekeeping of account information. This document gives a brief overview of the most critical aspects of those requirements.<\/p>\n We continue to work on your behalf to reduce payment card fraud, and offer this communication to enhance your awareness, minimize risk, and protect your customers. If you have any questions or would like to have more information, please visit our web sites or contact your representatives for any of the card brands sponsoring this correspondence.<\/p>\n<\/div>\n
\nFROM: <\/strong>American Express\u00ae, Diners Club\u00ae, Discover\u00ae Card, JCB\u00ae, MasterCard International\u00ae, Visa\u00ae U.S.A.
\nRE: <\/strong>Merchant Requirements for Securing Cardholder Information<\/p>\n\n\n
\n Storage of Cardholder Information<\/strong><\/td>\n \u2022 Do not store the following under any circumstance:
\n– Full contents of any track from the magnetic stripe on the back of the card.
\n– Card-validation code
\n– the three-digit value printed on the signature panel of a MasterCard\u00ae, Visa\u00ae, Discover\u00aeCard, JCB\u00ae, or Diners Club\u00ae card, and four
\n– digit code printed on the front of an American Express\u00ae card.
\n\u2022 Store only that portion of the customer’s account information that is essential to your business
\n– i.e. name, account number or expiration date.
\n\u2022 Store all material containing this information (e.g., authorization logs, transaction reports, transaction receipts, car rental agreements, and carbons) in a secure area limited to authorized personnel.<\/td>\n<\/tr>\n\n Destruction of Cardholder Information<\/strong><\/td>\n \u2022 Destroy or purge all media containing obsolete transaction data with cardholder information.<\/td>\n<\/tr>\n \n Use of Agents or Third Parties (Vendors, Processors, Software Providers, Payment Gateways, or Other Service Providers)
\n<\/strong><\/td>\n\u2022 Advise each merchant bank or processing contact (representing each of your card brands) of any agents that engage in, or propose to engage in, the processing or storage of transaction data on your behalf-regardless of the manner or duration of such activities.
\n\u2022 Make sure these agents adhere to all rules and regulations governing cardholder information security. Any violation by your agent may result in unnecessary financial exposure and inconvenience to your business.<\/td>\n<\/tr>\n\n Reporting a Security Incident<\/strong><\/td>\n \u2022 In the event that transaction data is accessed or retrieved by any unauthorized entity, notify the merchant bank or processing contact for each card brand immediately.
\n\u2022 This report will not only minimize risk to the payment system, but protect your customers in the most responsible manner. Systems and procedures are in place to immediately stop the unauthorized use of compromised data, but are effective only when you do your part to promptly report a security incident.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n