Monday, March 08, 2010

Security and Compliance for Credit Card Processing

With the news of security breaches at Heartland Payment Systems fresh on everyone's minds, questions about the security of credit card systems are in the limelight. For merchants who do business with an increasingly Internet-savvy customer base, it is not enough to have sufficient safeguards in place; they must also be able to communicate exactly what steps have been taken to ensure the safety of their customers' sensitive data.

Visa temporarily delisted Heartland Payment Systems as an approved service provider when it was found that Heartland was out of compliance with the Payment Card Industry Data Security Standard (PCI DSS). Although Heartland has made corrections to its systems and has been reinstated by Visa, the fallout from an unknown amount of compromised customer data can still be felt. To assure your customers that you are doing your utmost to keep their financial data out of malicious hands, be prepared to answer questions about the companies you do business with to handle your credit card processing.

Be sure that the Internet merchant account provider that handles your credit card processing is reviewed annually for compliance with PCI DSS. Also confirm that its standard accounting practices are audited in accordance with Statement on Auditing Standards No. 70, the federally mandated Sarbanes-Oxley Act and other relevant state or federal standards. You will of course be shooting yourself in the foot if your online payment gateway does not use 128-bit Secure Sockets Layer encryption.

Not all your clients will be sophisticated enough to know that they should look for these things, but you may lose the confidence of dozens of customers if even one person is not satisfied with your ability to communicate this information. To avoid unnecessary and perhaps costly complications for your business, you must ensure that these standards are in place with your credit card processing providers, and that you can successfully educate customers about these protective measures.
