February 20, 2013

Many merchants may not be compliant with the Payment Card Industry (PCI) Data Security Standard (DSS) because they lack the required liability-reducing technology provided by their merchant processor. Two-thirds of merchants aren’t compliant with the PCI DSS because they store unencrypted credit card data, take payments over the phone and pose a risk with company volunteers that take credit card information. They also lack sufficient technology to eliminate sensitive information.
PR Newswire

The use of credit cards as a method of payment allows organizations to receive payments from customers quickly and easily. However, the acceptance of credit cards comes with risks. Hundreds of millions of U.S. records have been involved in data loss incidents and that number keeps growing. According to the Privacy Rights Clearinghouse, in 2011, 592 data breaches resulted in over 31.1 million stolen records. As of early November, 602 data breaches have resulted in over 23.5 million stolen records in 2012.

Could a breach happen at your organization? If your county receives credit card payments either in person or online — and your systems are not secure — you could have a breach of data that is stored on a server, on paper, or on a computer. It could take many months for this breach to be discovered. In the meantime, the stolen information could have been sold and residents’ credit cards used to commit fraud by purchasing items and opening new credit card accounts.

In an effort to counter the risks, the world’s major credit card companies (payment brands) have taken steps to protect their customers’ personal information and protect the credit card payment process. In 2004, Visa and MasterCard collaborated to create the Payment Card Industry Data Security Standards (PCI-DSS), common industry security requirements. In 2006, the five major payment brands — American Express, Discover, JCB, MasterCard and Visa — formed the Payment Card Industry Security Standards Council (PCI-SSC) to manage the PCI-DSS.

PCI-DSS governs any business or organization that accepts payment cards and stores, processes, and/or transmits cardholder data. The standard:

• focuses on protecting cardholder payment data and increasing consumer confidence;
• mirrors best security practices for the protection of sensitive
• requires twelve basic steps for protecting credit card information;
• applies to internally developed or “homegrown” applications that are not sold to a third party.

By: Thomas D. Smith, Director, Office of Cyber Security, NYS Office of Information Technology Services

For more information on how to keep your organization secure contact Tina @ 888.413.9186
