As the holiday season descends upon us, it's especially important for companies to pay attention to how they process credit cards. More so than ever before, customers are using those little pieces of plastic to swipe purchases, and cyber criminals have taken notice.
In 2014 there were 1,540 data breaches worldwide. It may not seem like a large number, but consider this: That tally is up 46 percent from the year before and led to the compromise of nearly one billion pieces of data. In 2014 alone, 32 records were lost or stolen every second, with North America the most likely place for a breach to occur.
Those statistics should make any company think twice about the type of credit card processing system they're using and the type of standards they've set in place to protect consumers.
To better protect customers' personally identifiable information, we've put together a list of three credit card processing rules companies should follow:
1. Follow EMV standards
EMV stands for "Europay, MasterCard and Visa." EMV compliance means credit cards are now equipped with a microchip that is much more difficult to counterfeit. The United States finally adopted this rule because nearly half of the world's credit card fraud takes place within the country. Europe had actually been using EMV cards for years while the U.S. was still holding tight to its magnetic-strip-only-card tradition.
Companies that failed to transition over to EMV-compliant credit cards by the October 1, 2015 deadline are likely to be on the books for "liability shift." This means if a criminal pays for an item using a counterfeit EMV chip card and the company doesn't have the correct reader to process the transaction, the company will be responsible for the amount stolen. Prior to EMV compliance, banks would absorb the cost.
2. Be PCI compliant
PCI compliance, also known as the PCI Security Standards, is the set of requirements set forth by the PCI Security Standards Council to ensure companies properly protect a cardholder's data. These standards cover five key objectives: firewalls, encrypted data, anti-virus software, information usage and company culture.
The Council sets the rules and the major credit card brands enforce the regulations. Companies that accept major credit cards like Visa, Mastercard, or Amex must then abide by the statutes set in place.
3. Adhere to truncation
When you print out credit card receipts, does your customers' credit card number appear on them? It shouldn't. Truncation means that electronically printed receipts will only show part of the card number, usually the last four digits. This will prevent thieves from using lost receipts for fraudulent transactions.
Truncation laws came about in the early 2000s. On July 1, 2003, Visa required all companies that accepted its credit cards to provide customers with truncated numbers and no expiration date. It grandfathered in existing machines, with the deadline being July 1, 2006.