Card machine security is the responsibility of the merchant. That’s according to the PCI Security Standards Council, which is an international organisation established by the major card companies to protect card data.
80% of attacks on card machines happen to small merchants, and this percentage is increasing as larger merchants have taken many steps to increase security. As a small merchant, you need to make sure you are PCI compliant to protect yourself against potential threats. If you are the victim of a security breach and it’s found you are not PCI compliant, you may be subject to fines, withdrawal of the ability to offer card payments, legal costs and more.
Thieves are after card data so they can use the details to make purchases online, clone the card or even steal the cardholder’s identity. They can potentially access this data from a number of sources. The ones a small merchant should pay attention to are: a hacked card reader, paper records, electronic records (e.g. a database), hidden cameras and a hacked payment system.
The merchant is responsible for their whole system of accepting payments and any records kept. That includes the card reader, cables, routers, the POS system, databases and paper records.
What Steps Can Merchants Take to Protect Themselves?
- Your card machine should be PCI approved
- Use only PCI approved software
- Don’t store any card data. Though it’s not illegal to store some card data, it’s not necessary, so it might be better not to take the risk. Storing some card data, such as the 3-digit security code on the back of cards, is illegal.
- Use a firewall on your computer network and PCs
- Change the password on card readers
- Use strong passwords
- Password protect and encrypt wireless routers
- Keep equipment such as card readers safe at all times
- Keep an eye out to see if equipment has been tampered with
- Teach employees about card safety
You can use the PCI’s Self-Assessment Questionnaire if you want to see if you meet their current standards.
PCI compliance is important. However, the security measures are straightforward and rely on common sense. If you want to dig a bit deeper, read the PCI Quick Reference Guide.
If you have any questions about chip and PIN machines and merchant services, or would like a best price quote from our partner, please use the contact form.