Visa, MasterCard Unveil New Security Rules
If you are the holder of a Visa or MasterCard credit card, you may be interested in knowing there are new security rules being released soon. These rules will affect any organization that deals with your credit card data. These new rules for credit card processing will help protect your personal data against those looking to steal it and use it for fraudulent purposes.
These new rules come as an update to the Payment Card Industry (PCI) data security standard, which was set up in June of 2005 in response to feedback about the need for better information security. In order to safeguard your personal information, any organization that processes, stores, or transmits your account or transaction information must adhere to certain requirements established by the PCI security standard. Having a firewall configuration in place, maintaining a written policy about information security, and restricting access to data to only those who absolutely need it, then assigning each of them a unique ID in order to track any access made to the data, are only some of the requirements placed on an organization.
Why are the new updates needed? One part of the update in particular aims at protecting online credit card data from web threats. Online merchants will be required to follow these standards to help protect against online theft. Another part of the update addresses organizations that use third parties, for example by requiring hosting providers to have similar policies and protection in place to ensure that the data is not stolen. Much of the update deals with technical issues such as activity monitoring, data encryption, and access controls for end users.
There are three different merchant levels, based on how many transactions a merchant processes each year. Level 1 consists of merchants that process more than 6 million transactions a year, Level 2 consists of merchants that process between 500,000 and 6 million each year, and Level 3 consists of those that process fewer than 500,000 each year. Level 1 data processors were required to comply with the PCI standards by September 20, 2004. Level 2 was required to comply with the standards by June of last year. The problem may lie with Level 3, which to this point has been subject to compliance not by a particular date, but by its own determination. Under these new updates, organizations may be required to comply with PCI standards within the next two years.
How can these PCI standards be enforced? Merchants, including online merchants, receive protection from fines if they are found to be using the PCI standards when a situation occurs in which credit card data is compromised. However, if they are found not to be in compliance with the standards at the time of the breach of security, they can be fined. The cost is substantial. The fine for the first violation within a year’s time would be $50,000, for the second $100,000, and for the third it would be up to management discretion. Merchants who fail to immediately report a loss of credit card data could face a fine between $100,000 and $500,000.
So it is in the best interest of the credit card processing organization, the online merchant, and anyone else coming in contact with credit card data to use the PCI standards to protect your data, in full observance of the standards set. Data processors found not complying with the Payment Card Industry Data Security standards may not only find themselves fined, but may also have their ability to accept Visa or MasterCard cards completely revoked.
Companies of any size can turn to a payment processing solution company such as BankCard Central to ensure that the processing of the credit card data they receive is compliant with all PCI standards.