How much is protecting your customers' sensitive cardholder information worth to you?
The theft of credit card information is on the rise and your business could be at risk.
Over and over in recent months, the news media has reported on security breaches resulting in the theft of credit card and personal information for millions of cardholders. In March, TJX, the parent company of retailer TJ Maxx, announced that almost 50 million credit and debit card accounts were compromised by hackers who gained access to the company's computer system. So far that huge theft has cost the company nearly $260 million, and some experts predict that number will skyrocket to more than $1 billion.
You don't have to be a large business to be a target.
In fact, according to Eduardo Perez, Visa USA's Vice President of Payment Systems and Risk, "Hackers are concentrating on the smaller merchants...that's where we see the greatest vulnerability."
Processors, of course, hold large amounts of sensitive card data. We are held to ever-increasing standards of data protection by MasterCard and Visa.
That's why at Sterling we devote a significant ongoing effort to strengthening all our systems against credit card theft.
The major credit card companies--Visa, MasterCard, American Express, Discover and Diners Club--have come together to create a set of 12 comprehensive requirements for protecting cardholder data security: the Payment Card Industry Data Security Standards, or PCI DSS.
The PCI DSS is designed to ensure the safe handling of cardholder information across the transaction process through a series of strict requirements aimed at preventing, detecting, and reacting to security incidents.
These comprehensive requirements include:
Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall configuration to protect cardholder data.
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters.
Protect Cardholder Data
Requirement 3: Protect stored cardholder data.
Requirement 4: Encrypt transmission of cardholder data across open, public networks.
Maintain a Vulnerability Management Program
Requirement 5: Use and regularly update anti-virus software.
Requirement 6: Develop and maintain secure systems and applications.
Implement Strong Access Control Measures
Requirement 7: Restrict access to cardholder data by business need-to-know.
Requirement 8: Assign a unique ID to each person with computer access.
Requirement 9: Restrict physical access to cardholder data.
Regularly Monitor and Test Networks
Requirement 10: Track and monitor all access to network resources and cardholder data.
Requirement 11: Regularly test security systems and processes.
Maintain an Information Security Policy
Requirement 12: Maintain a policy that addresses information security.
Sterling was one of the first processors to be recognized by the cardholder associations as meeting all twelve PCI DSS requirements, and that has continued for the past five years.
Sterling continues to make large investments in security to meet the card associations' requirements. These investments include the purchase of surveillance, alarm and tracking systems, advanced server firewalls, new hardware, password protection and encryption software. And while these measures come at a significant cost, Sterling does not pass this on to you in the form of increased rates.
Unlike most financial institutions that impose as much as $100 in security fees, Sterling will assess a minimal one-time security fee based on an average of your last three months' processing volume.
We recognize that protecting your sensitive data is important not just to you but also to your customers. We thank you for placing your trust in Sterling and are committed to providing you with the highest level of service in the industry today.
For more information about cardholder security, visit www.pcisecuritystandards.org.