THE TOP 10 BUSINESS BEST PRACTICES FOR FIGHTING CREDIT CARD THEFT AND FRAUD
1. The Best Defence is a Multilayered Offence. Assume your company’s computer systems will be compromised at some point and plan for it. A good payment security system should detect intrusions and also have multiple deterrence layers that effectively complicate a breach attempt.
2. Form an Internal SWAT Team. Assemble an internal “hazmat” team that thinks and works strategically to prevent and deter attacks rather than just detect them. Establish policies that address your company’s information security requirements and processes, then share those policies with employees, suppliers and vendors.
3. Use Your Head. Train administrators and other users of your payment system to keep an eye out for “things that don’t belong” — unexpected account usage, for example, and to sound an alert in case of anomalies.
4. Lock Down System Gateways and Endpoints. Protecting against malicious viruses, malware and spyware infections is often the first line of defence against a security breach. Your network architecture and PCs should be scanned frequently for vulnerabilities; every transaction point where payment information is exchanged should be scrutinized, and all document payment data flows and touch points secured.
5. Stay Informed. When deciding on technologies for payment processing, be fluent in privacy protection, as well as the 12 credit card protection and compliance requirements under the Payment Card Industry Data Security Standards (PCI DSS).
6. Foster Awareness. Ensure all employees, contract personnel and business partners know your company’s fraud policies, practices and fraud-response processes.
7. Adopt Industry Safeguards. Becoming PCI-certified doesn’t magically shield a business from losing data or provide impenetrable security against hackers or malware, but the standards have proven to be an excellent roadmap for data security best practices. Use PCI DSS not only for card activity, but also as a roadmap for protecting access to other sensitive information.
8. Don’t Collect What You Can’t Protect. Unless it’s absolutely necessary to retain payment or cardholder data, don’t.
9. Change the Target. Tokenization is one of the best strategic weapons for protecting financial data. This process safely replaces a customer’s real 16-digit credit card numbers or bank account data with a randomly generated string of characters called tokens, which then become useless to would-be hackers.
10. Do Your Outsourcing Homework. When choosing an outside payment system or data security vendor, make sure they have deep security capabilities and a like-minded business focus.
Provided by 3Delta Systems (www.3dsi.com), a provider of credit card processing solutions to enterprise, business-to-business and business-to-government customers.
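The tokenization described in item 9, sketched as an added example that is not from the article or from 3Delta Systems: a vault swaps a 16-digit card number for a random token and holds the only mapping, so the merchant's own records never contain the card number. The `TokenVault` class, the `tok_` prefix and the in-memory storage are assumptions made for illustration.

```python
import secrets
import string

ALPHABET = string.ascii_uppercase + string.digits  # token characters (assumed)

def luhn_valid(pan: str) -> bool:
    """Luhn checksum carried by payment card numbers."""
    digits = [int(c) for c in reversed(pan)]
    total = sum(digits[0::2]) + sum(sum(divmod(2 * d, 10)) for d in digits[1::2])
    return total % 10 == 0

class TokenVault:
    """Hypothetical in-memory vault; in practice an isolated, access-controlled service."""

    def __init__(self):
        self._token_to_pan = {}
        self._pan_to_token = {}

    def tokenize(self, pan: str) -> str:
        pan = pan.replace(" ", "").replace("-", "")
        if not (pan.isascii() and pan.isdigit() and len(pan) == 16 and luhn_valid(pan)):
            raise ValueError("not a valid 16-digit card number")
        if pan in self._pan_to_token:  # same card always maps to the same token
            return self._pan_to_token[pan]
        while True:
            # Random, not derived from the card number: nothing to reverse.
            token = "tok_" + "".join(secrets.choice(ALPHABET) for _ in range(16))
            if token not in self._token_to_pan:
                break
        self._token_to_pan[token] = pan
        self._pan_to_token[pan] = token
        return token

    def detokenize(self, token: str) -> str:
        """Only the payment-processing path should be allowed to call this."""
        return self._token_to_pan[token]

def demo():
    vault = TokenVault()
    pan = "4111 1111 1111 1111"  # widely used test number, not a real account
    token = vault.tokenize(pan)
    order_record = {"order_id": 1001, "card": token}  # constructed merchant record
    return vault, token, order_record

if __name__ == "__main__":
    _, _, record = demo()
    print(record)  # the stored record holds the token, never the card number
```

A stolen copy of `order_record` yields only the token; recovering the card number requires access to the vault itself, which is why the vault is the component to isolate and monitor.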
WWW.SECURITYMATTERSMAG.COM