by Amanda Bernard, CPA, CFE, CMA
Theft of customer credit card information can cause significant risk exposure to businesses accepting credit card payments. Any business accepting payments in this manner can become a victim of fraud, and the resulting exposure it creates for a business’s reputation can be devastating. The key to protecting your business from credit card fraud is being proactive. Businesses should verify their credit card processing intermediary complies with the Payment Card Industry (PCI) Data Security Standard, an information security standard created to increase controls around cardholder data to reduce credit card fraud. Here are some additional ways a business can protect itself from a data breach:
• Maintain up to date credit card processing systems and software.
• Run background checks on all employees and contractors handling customer data at time of hire and periodically during employment.
• Install malware detection software on all servers and workstations and make sure firewalls are fully functional and secure.
• Make sure customer data is stored within an encrypted database.
• Ensure passwords are required to access any database that contains customer information and establish a procedure for routine changing of passwords.
• Establish and implement a process for routine review and assessment of network security controls to monitor their effectiveness. Update controls and procedures as needed.
• Create a reaction plan in case a data breach occurs.
• Hire an attorney to review standard customer contracts to manage risk of the business being held liable in the event of a stolen data incident.
• Investigate and evaluate data breach insurance options.