MasterCard and the PCI Data Security Standard
Data theft from online merchants, providers and third party processors is increasing at an alarming rate. Card associations developed the Payment Card Industry (PCI) Data Security Standard to help combat compromises. MasterCard was a primary sponsor in the PCI Data Security Standard during its inception in 2005.
MasterCard Site Data Protection
MasterCard Site Data Protection (SDP) is a component of the PCI Data Security Standard. The program provides guidelines to merchants, acquirers and providers, along with compliance tools, to help protect credit card data.
Being PCI Compliant
Being PCI compliant is not just getting scanned by a vendor like ControlScan. It also means adhering to the standard's requirements, such as storing cardholder data securely and allowing only designated personnel access to cardholder data; completing a self-assessment questionnaire; and undergoing a possible on-site review (for Level One Merchants and Level One and Two Service Providers).
Storing Cardholder Data
Under PCI Standards, companies can store a cardholder's account number in a secure fashion. The account number should be encrypted or truncated. You can store the expiration date and cardholder's name as well. If these are stored along with the cardholder's primary account number, they should be encrypted as well. Merchants are not authorized to store the Card Validation Code 2 (CVC2) or the Personal Identification Number (PIN).
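An added illustration of the storage rules above (example code, not part of MasterCard's program or this article): before a transaction record is persisted, the CVC2 and PIN fields are dropped and the account number is truncated to the first six and last four digits. The field names and the sample record are assumptions constructed for the example.

```python
import re

# Field names a merchant must never persist after authorization.
# The names are constructed for this example; the rule (no CVC2, no PIN) is PCI's.
FORBIDDEN_FIELDS = {"cvc2", "cvv2", "pin", "pin_block"}


def luhn_valid(digits: str) -> bool:
    """Luhn checksum, used here only to reject values that cannot be a PAN."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def truncate_pan(pan: str) -> str:
    """Keep at most the first six and last four digits; the rest become 'X'."""
    digits = re.sub(r"\D", "", pan)           # tolerate spaces and dashes in input
    if not 13 <= len(digits) <= 19 or not luhn_valid(digits):
        raise ValueError("value is not a plausible primary account number")
    return digits[:6] + "X" * (len(digits) - 10) + digits[-4:]


def sanitize_for_storage(record: dict) -> dict:
    """Return a copy of an authorization record that is safe to write to disk.

    Sensitive authentication data is removed outright; the PAN is truncated so
    the stored copy no longer needs to be encrypted. Name and expiry are kept,
    which is permitted once the full PAN is no longer stored beside them.
    """
    clean = {k: v for k, v in record.items() if k.lower() not in FORBIDDEN_FIELDS}
    if "pan" in clean:
        clean["pan"] = truncate_pan(clean["pan"])
    return clean


if __name__ == "__main__":
    # Constructed sample using a well-known test card number, not a real account.
    auth = {"pan": "4111 1111 1111 1111", "cvc2": "123", "pin": "0000",
            "name": "J DOE", "expiry": "12/27", "amount": "19.99"}
    print(sanitize_for_storage(auth))
```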
Failure to Comply
Failure to comply with these standards can result in fines imposed by MasterCard. Level One Merchants along with Level One and Two Service Providers can be fined up to $25,000 USD per merchant or service provider. Level Two and Three Merchants can be fined up to $5,000 USD per merchant. Further non-compliance may also result in termination of your merchant account.