Do You Protect Against Identity Theft?

Rising Problem of Identity Theft

The increased use of the Internet has caused a rise in the electronic theft of credit card information from merchants. Many fraudulent card transactions trace directly back to card data stolen from another merchant. These incidents reduce consumer confidence and increase costs for consumers, merchants and their supporting banks.

The increase in identity theft has prompted the credit card associations (American Express, MasterCard, Visa and Discover) to establish security requirements for merchants. Compliance with these requirements will increase consumer confidence while reducing identity theft and fraud.
Card Association Security Programs

The card associations have established the Payment Card Industry Data Security Standard (PCI DSS) for merchants. All major card associations have endorsed this program.

Enforcement of these standards varies among the card associations. Visa and MasterCard rely on acquiring/member banks to enforce compliance among merchants.

Consequences of non-compliance include fines, expensive recovery costs, and/or the loss of a merchant's ability to accept card transactions. These consequences are being applied to organizations that ignore compliance deadlines or experience a card data compromise, regardless of deadline dates.
Merchant Requirements

Every merchant that "stores, processes or transmits" cardholder data electronically is affected by the PCI Data Security Standard (PCI DSS). It is important to realize that this is not only an e-commerce standard.

By definition, a card transaction means that a merchant is transmitting data electronically; thus, all merchants have a responsibility to ensure PCI DSS compliance.

The extent of each merchant's compliance requirements varies depending on the volume of cards processed, handled or transmitted and the transaction tools used by the merchant.

Many merchants have felt that their use of a third-party service provider removes them from the PCI DSS requirements. A merchant's use of a third-party provider, hosting company, gateway, etc. does not remove the merchant's responsibility to ensure compliance.

"If there are any service providers handling cardholder data on an entity's [merchant's] behalf, the entity must ensure that contracts with these service providers specifically include CISP [PCI DSS] compliance as a condition of business."
SecurityMetrics is the company we have chosen to perform quarterly scans of our "external-facing" IP addresses (our public website, www.mattresses4backs.com), web servers, virtual hosts, email servers, DNS servers, firewalls, routers, application servers, and especially custom-developed e-commerce applications.

This security test is commonly referred to as a Vulnerability Assessment and uses hacker techniques to discover security weaknesses in our computers, servers and networks. Merchants are determined "compliant" when each IP address and URL receives a passing status.

We are proud to display the "Identity Theft Protected" logo as a symbol of our compliance with these standards and our ongoing commitment to keep your information safe.