With data breach stories so prevalent in the news, security is on the minds of most merchants and customers. Consumers need to trust where they shop and you have a reputation to uphold. Reviewing security policies and potential issues with employees is more important than ever. It is vital to keep employees up to speed on data security, the dangers of card fraud, and the need for vigilance. Reinforcing clear security practices with staff will go a long way.
The National Cyber Security Alliance recommends that merchants take these specific steps to maintain cyber security in their businesses.
1. Have a strong security policy in place.
First, always screen potential hires for their trustworthiness and ability to understand and stick to the rules. Those rules should be built around the compliance requirements of the Payment Card Industry Data Security Standard (PCI DSS). Having a clearly defined policy means everyone follows the same tried-and-tested procedures and knows how seriously you take security.
Policies should include defined responsibilities for every individual, daily routines to test and ensure compliance, unambiguous rules on employee use of mobile devices and the Internet, a simple and widely understood communication process for raising concerns, and an incident response plan ready to swing into action if the worst happens.
2. Integrate your policy with a complete and documented cyber security plan.
Cyber security means protecting your data and your systems from attack as well as maintaining card transaction vigilance. Your plan should be based on an assessment of your risks and vulnerabilities, with defined processes for monitoring threats and protecting customers in the event of a data breach. The FCC has a great tool called the Small Biz Cyber Planner to help generate a plan to suit your business: www.fcc.gov/cyberplanner.
3. Train employees.
Having a policy and a plan is no good if people don’t know how to apply and use them. Make it a priority to train employees in securely handling in-person and card-not-present transactions.
Employees should also understand basic security procedures, such as how to create strong passwords, why they should not click links or open attachments in emails, and what to do if they are suspicious of a transaction. Make them aware of the signs that a transaction may be fraudulent, such as multiple transactions on a single card, several cards using the same address, rush delivery requests, very large quantities ordered, and international orders.
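As an added illustration of those red flags (not code from the original article or from Veracity), here is a small rule-based screen over a constructed batch of orders; the thresholds, field names and sample orders are assumptions to be tuned to your own business:

```python
# Rule-based order screening using the article's red flags; thresholds and orders are constructed.
from collections import Counter, namedtuple

# card_token is a tokenised card reference, never the card number itself
Order = namedtuple("Order", "order_id card_token ship_address country quantity rush_delivery")

# Assumed thresholds; tune them to your own order volumes.
MAX_ORDERS_PER_CARD = 2
MAX_CARDS_PER_ADDRESS = 2
LARGE_QUANTITY = 10
HOME_COUNTRY = "US"

def flag_orders(orders):
    """Return {order_id: [reasons]} for every order matching at least one flag."""
    per_card = Counter(o.card_token for o in orders)
    cards_per_address = {}
    for o in orders:
        cards_per_address.setdefault(o.ship_address, set()).add(o.card_token)
    flagged = {}
    for o in orders:
        reasons = []
        if per_card[o.card_token] > MAX_ORDERS_PER_CARD:
            reasons.append("multiple transactions on one card")
        if len(cards_per_address[o.ship_address]) > MAX_CARDS_PER_ADDRESS:
            reasons.append("several cards using the same address")
        if o.rush_delivery:
            reasons.append("rush delivery requested")
        if o.quantity >= LARGE_QUANTITY:
            reasons.append("very large quantity")
        if o.country != HOME_COUNTRY:
            reasons.append("international order")
        if reasons:
            flagged[o.order_id] = reasons
    return flagged

# Constructed sample batch: tok_A is used three times, three different cards ship to 9 Elm Rd.
SAMPLE_ORDERS = [
    Order("o1", "tok_A", "1 Main St", "US", 1, False),
    Order("o2", "tok_A", "1 Main St", "US", 2, False),
    Order("o3", "tok_A", "1 Main St", "US", 1, True),
    Order("o4", "tok_B", "9 Elm Rd", "US", 12, False),
    Order("o5", "tok_C", "9 Elm Rd", "US", 1, False),
    Order("o6", "tok_D", "9 Elm Rd", "DE", 1, False),
    Order("o7", "tok_E", "5 Oak Ave", "US", 1, False),  # ordinary order, should not be flagged
]

if __name__ == "__main__":
    for oid, reasons in flag_orders(SAMPLE_ORDERS).items():
        print(oid, "->", "; ".join(reasons))
```

Flagged orders are a prompt for a human to look closer, not an automatic decline.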
4. Follow through and maintain constant vigilance.
Cyber security is not a set-it-and-forget-it process. Criminals are constantly adapting their strategies — and they’re persistent in their efforts. So we have to adapt and persist, too.
It’s vital that you stay abreast of cybercrime activity and continuously monitor employee adherence to your policies. Stay in touch with the latest cybercrime news and trends by monitoring news reports and subscribing to specialist online information services. Krebs on Security is an excellent source of cyber security updates, including breach reports: www.krebsonsecurity.com.
Finally, carry out spot checks on employees to ensure they’re following security procedures and, if you do suffer a card fraud incident, find out how it happened and communicate the lessons learned. If employees know security is at the top of your agenda, they’ll keep it at the top of theirs, too.
Contributed by Veracity Payment Solutions. Through the Michigan Chamber’s partnership with Veracity, you have the opportunity to accept credit, debit and other electronically based transactions at just 0.2% above cost. Email Veracity or call them at 866-944-0055 to learn more.