New Rules for Organizations that Accept Online Payments
There are new rules regarding companies which handle customers’ credit card data.
All those trojans, bots and phishing expeditions have been paying off big time for the hackers, and the identity thieves and credit card fraudsters are raking it in. There really is no limit to what they can do with your stolen online information: bogus identities, credit cards, bank accounts, brokerage accounts, home loans and even scarier stuff than that. The Privacy Rights Clearinghouse says that over 100 million records containing personal information have been ‘exposed’ since 2005. That is 1/3 of the US population.
Since we have passed the point of asking “how do they sleep at night?”, the credit card companies are now taking some strong measures which many hope will remedy the situation.
Your online commerce company doesn’t have to be the size of Amazon.com for your current customer data to fall within these new guidelines. In fact, the PCI DSS (Payment Card Industry Data Security Standard) requires that anyone with a web page that connects to a processor, even a third-party processor, meet certain requirements! The PCI DSS standard was created by the credit card companies MasterCard, Visa, American Express, JCB, and Discover.
Online companies handling credit card data are required to protect their client information or risk big fines and other penalties. That includes the big guys, the small mom & pop sellers and even most non-profit donation web sites.
The New Rules
The new rules govern how personal information is to be protected and exactly when an organization is obligated to publicly report a data breach. Any organization which fails to comply with these standards and suffers a data breach may be fined by the bank that processes the organization’s transactions.
A complete copy of the PCI DSS version 1.1 is available online. Level 4 organizations (smaller ones) don’t have to hire a third-party auditor. Instead, they can perform a self-assessment using a questionnaire developed by the PCI Security Standards Council. A copy of the questionnaire is also available online.
The standard consists of 12 requirements that cover a broad range of security issues, from network protection to access controls to creating an information security policy.
- Install and maintain a firewall configuration to protect cardholder data.
- Do not use vendor-supplied defaults for system passwords and other security parameters.
- Protect stored cardholder data.
- Encrypt transmission of cardholder data across open, public networks.
- Use and regularly update antivirus software.
- Develop and maintain secure systems and applications.
- Restrict access to cardholder data by business need-to-know.
- Assign a unique ID to each person with computer access.
- Restrict physical access to cardholder data.
- Track and monitor all access to network resources and cardholder data.
- Regularly test security systems and processes.
- Maintain a policy that addresses information security.
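Two of the requirements above, protecting stored cardholder data and tracking access to it, are the ones a small shop most often gets wrong in code rather than in policy. The Python below is an illustration added here; it is not from the original post and not part of the PCI standard itself. It keeps only a truncated card number for storage, masks the number for display, and scans application log lines for full card numbers that should never have been written. The log lines are constructed test data, and 4111 1111 1111 1111 is a widely used test card number, not a real account.

```python
"""Added example: storage-safe handling of card numbers (PANs) and a log check
for accidental full-PAN exposure. Sample data below is constructed for the demo."""
import re

# A candidate PAN is 13 to 19 digits, optionally separated by spaces or dashes.
PAN_PATTERN = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum. Used to separate real-looking card numbers from random
    digit runs such as order ids or timestamps that the regex also matches."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def truncate_pan(pan: str) -> str:
    """The only form of a PAN that should be persisted: first six and last
    four digits. The middle digits are discarded, not encrypted, so a dump of
    the database cannot yield a usable card number."""
    digits = re.sub(r"\D", "", pan)
    if len(digits) < 13 or not luhn_valid(digits):
        raise ValueError("not a plausible PAN")
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def mask_pan(pan: str) -> str:
    """Display form: only the last four digits are visible."""
    digits = re.sub(r"\D", "", pan)
    return "*" * (len(digits) - 4) + digits[-4:]


def find_exposed_pans(log_lines):
    """Return (line_number, masked_pan) for every Luhn-valid PAN found in the
    given log lines. A non-empty result means full card data reached the logs,
    which violates the 'protect stored cardholder data' requirement."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        for m in PAN_PATTERN.finditer(line):
            digits = re.sub(r"\D", "", m.group())
            if luhn_valid(digits):
                hits.append((n, mask_pan(digits)))
    return hits


# Constructed sample log. Line 1 carries a 13-digit order id (not a PAN),
# line 2 is a debug line that leaked a full test card number.
SAMPLE_LOG = [
    "2007-03-01 10:02:11 INFO checkout order=ORD-1234567890123 amount=49.95",
    "2007-03-01 10:02:12 DEBUG gateway request pan=4111 1111 1111 1111 exp=0909",
    "2007-03-01 10:02:13 INFO auth ok token=tok_8f3a last4=1111",
]

if __name__ == "__main__":
    print("stored form:", truncate_pan("4111 1111 1111 1111"))
    for line_no, masked in find_exposed_pans(SAMPLE_LOG):
        print(f"full PAN found in log line {line_no}: {masked}")
```

The scan reports only the masked value, so running it does not itself create another copy of the card number. The Luhn filter keeps the 13-digit order id in line 1 from being flagged, while the spaced test number in line 2 is caught.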
The Security Standards FAQ offers additional information.
Given the complexity of PCI DSS compliance and my limited knowledge in this area, please contact your bank or credit card processor to ascertain whether you are obligated to comply and how to CYA, or consider an alternate payment system such as Google Checkout, Webmoney, e-gold or even PayPal.
Tags: b5biz, credit-card, Credit-Cards, Digital Gold Currency, digital-currency, e-gold, e-money, e-payments, ecommerce, Fraud, Google Checkout, PayPal, virtualgold
POSTED IN: Fraud, Online Payments, PayPal