How to Protect Your Business by Securing Customer Data

Accepting credit cards can benefit your business in a lot of ways, but it also carries a big responsibility. You must protect the customer data you collect from being stolen by hackers or unintentionally released.

The major card brands have done their part to help by creating a set of security practices to guard cardholders’ data. It’s known as the Payment Card Industry Data Security Standard (PCI DSS), and merchants accepting cards must show they comply with the standard or they risk substantial fines and, in the worst case, the loss of their ability to accept cards. While that might seem daunting, it’s key to protecting your customers and your business. First Citizens Bank partners with ControlScan® to help merchants follow the rules.

It can be helpful for you to understand what’s involved in PCI compliance. Read the list below for an overview of the requirements.

Secured network and systems

PCI-compliant businesses must use a firewall to keep tight controls on data traffic into and out of the network segment that handles card data, allowing only the connections the business needs. You’ll also need to change the vendor default passwords and other default settings on your network equipment, point-of-sale terminals and payment software. Default credentials are printed in vendor manuals and collected in public lists, so attackers try them first; change them when the equipment is first set up, before it ever touches cardholder data.

Safe storage and transmission of customer data

Your system should keep only the minimum cardholder data, nothing more than what your business needs, and it must never store sensitive authentication data (the full magnetic-stripe or chip contents, the card verification code, or the PIN) after a transaction is authorized. Customers’ account numbers must be unreadable wherever they are stored, whether by truncation, tokenization, strong encryption or a keyed hash. When an account number is displayed, show at most the first six and last four digits. All cardholder data must be protected with strong cryptography, such as a current version of TLS, when it’s transmitted across the internet or other open, public networks.

Malware protection

All your computers and servers should run anti-malware software that is kept current and actively running. Security patches come not only from the anti-malware vendor but from every vendor whose software you use (operating system, payment application, web server, terminal firmware), and PCI DSS expects critical patches to be installed within a month of release, so put them in place as quickly as possible.

Controlled employee access

Only employees whose job requires it should have access to systems that hold cardholder data, and each person should use a unique username and password every time they log into those systems; shared or generic accounts make it impossible to tell who did what. For an added layer of security, PCI DSS requires multi-factor authentication for administrative and remote access to those systems, where users must also enter a one-time code from a text message, an authenticator app or a dedicated hardware device.

Closely monitored and tested networks

An IT specialist should regularly test security on all parts of your system and processes: PCI DSS calls for vulnerability scans at least quarterly and after any significant change, external scans by an Approved Scanning Vendor, and an annual penetration test. Detection systems, which function like security alarms for your network, include intrusion-detection tools that alert you when an unauthorized party appears to be probing or breaking in and file-integrity monitoring that alerts you when critical system files change unexpectedly. Your compliance partner or IT specialist can also help you write, and rehearse, an incident response plan that says who does what if a breach is suspected.

Strong employee security policies

With the help of your PCI compliance partner, you’ll write down all the data security rules employees have to follow, as well as any specific responsibilities that are assigned to individuals, and review the policy at least once a year. It should include general IT security guidelines for your entire team, such as how to keep email accounts and mobile devices safe and how to report anything suspicious.

These are just some of the security practices that keep you in line with card industry requirements. Your merchant service provider, First Citizens Bank, can help connect you with services and resources to help you comply with the full PCI standard in order to secure your customers’ data — and your business.