Risks of processing credit cards you don’t physically see

February 12, 2016

Instances of card-not-present (CNP) fraud will likely increase over the next two to three years with the U.S. adoption of credit and debit chip cards. This was the case in European countries, following EMV (Europay, MasterCard, and Visa) adoption.

To truly protect customer credit card data and personally identifiable information (PII), you must remove as much of the sensitive data from the merchant’s system as possible. In other words, take the merchant out of PCI scope. If the data doesn’t touch the merchant’s environment, there isn’t any valuable information to steal. Simple, right?

Although this suggested security concept sounds elementary (zero valuable data = zero risk), there are five critical levels of security you must attend to in order to properly arm yourself against a breach:

  1. Physical device security for card-present transactions
  2. Security for card-not-present transactions
  3. Terminal to gateway transmission
  4. Gateway to bank transmission
  5. Strict network monitoring/vulnerability management program

The consequences of a data breach are pervasive and lasting – a Ponemon Institute study found the associated litigation may result in costs of $217 per compromised record. At that rate, that’s around $1 million for every 4,600 cards on file.

Contributed by Jordan Brent, Business Development Director, CardConnect. Through the Michigan Chamber’s partnership with CardConnect, you have the opportunity to accept credit, debit and other electronically based transactions at just 0.2% above cost. Email CardConnect or call 877.948.9733 to learn more.