E-commerce and Protecting Credit Card Information

The industry is racing to tighten security standards, and the online merchant is now burdened with becoming an expert in all the different credit card industry regulations. The onus is on the merchant to protect all the information that they gather. Each credit card company has very specific regulations that all merchants that process its cards must follow. Leading the charge are the CISP and PCI regulations.

About the CISP and PCI regulations:

CISP compliance is required of all merchants and service providers that store, process, or transmit Visa cardholder data. The program applies to all payment channels, including retail (brick-and-mortar), mail/telephone order, and e-commerce. To achieve compliance with CISP, merchants and service providers must adhere to the Payment Card Industry (PCI) Data Security Standard, which offers a single approach to safeguarding sensitive data for all card brands. This Standard is a result of a collaboration between Visa and MasterCard and is designed to create common industry security requirements, incorporating the CISP requirements. Other card companies operating in the U.S. have also endorsed the PCI Data Security Standard within their respective programs.

Here are some rules of thumb that e-commerce merchants should review relating to the CISP and PCI regulations.

1. Choose a shopping cart solution that is CISP / PCI certified. If not certified, the solution MUST be at least compliant.
2. Sign up for a ScanAlert account.
3. Never store any customer credit card information on your local area network or workstation.
4. If possible, set your payment gateway to process credit card orders without passing the information to your store's database.
5. If you store credit card information in your store's database, create an aggressive policy of deleting this data after a certain number of days.
6. Create a complex, difficult-to-crack password for your store. Change this password monthly. Never write down your password. If you must record it, store it in a safe.
7. If you process phone orders, enter them through your store's admin panel. The idea is to keep your sensitive data in one location, since one location is easier to secure and police.
8. Follow the recommended security practices of your shopping cart solution.