If part of your role is taking credit and debit card payments, it is important to make sure that you are fully aware of your company's policies and procedures relating to the security of card data.

Card data stored or processed must be held securely and in accordance with card scheme rules, and the information acquired from the cardholder for a transaction must only be used in connection with that transaction.

Writing credit card information in diaries, notepads or on scraps of paper to be processed later is not holding data securely.

A few requirements for businesses taking card payments are:-

  • Installation and maintenance of a firewall to protect customer card data
  • Vendor-supplied defaults for system passwords should not be used and passwords should be changed on a regular basis
  • Protection of stored cardholder data
  • Regular updates to antivirus software and programs
  • Maintaining secure systems and applications
  • Restricting access to customer card data by business need-to-know
  • All users should have a unique ID
  • Access to network resources and card data should be tracked
  • Security systems and processes should be checked regularly.

Leaving customer card data where it could be accessed and used fraudulently, or for any purpose other than that for which it was given, can result in:-

  • Loss of business
  • Bad publicity
  • Loss of sales
  • Card Scheme Fines
  • Loss of customer trust and adverse reputational issues.

The cost of corrective measures, which could include forensic investigation costs, can run into tens of thousands of pounds.

When you use your credit or debit card to purchase items over the internet, by telephone or using a terminal, you trust that the organisation you are dealing with will take the amount you are expecting to pay and will not allow your data to be accessed and used fraudulently. It is part of your responsibility as a data handler to do everything in your power to make sure that the customer data you are given to take a payment is held as securely as possible.