Protecting cardholder information

Customers are changing how they choose to shop. They no longer need to present a card to purchase, and increasingly shop by internet, phone, mail order and fax. With this change comes an increased risk of fraud. Fraudsters can illegally access customer cardholder data through computers used to process transactions.

To protect your business and customers, you need to be aware of how you manage your customer cardholder data, including the security measures you have in place when making transactions, using your computer, and storing customer cardholder data.

There are some simple steps you can take to keep your customers’ cardholder information safe and secure, including:

• Install anti-virus software on all of your computers.
• Use passwords on all of your computers that can’t be easily guessed, and change them regularly.
• Remove customer’s authentication details such as a card validation code.
• Ensure only authorised people have access to customer card data.
• Ensure printed receipts don’t include card data.
• Store all physical records of cardholder data under lock and key.
• Only keep customer cardholder information if it is protected through encryption and you have a legitimate business reason to do so.
• If you need to dispose of physical records of card data make sure to shred the documents.
• If you use another business partner, other than the Bank, to help you with managing cardholder data, make sure they are compliant with the Payment Card Industry Data Security Standard (PCI DSS)