How a layered security approach can help you protect customer data and your business
Payment card industry compliance, encryption, tokenization, and chip card technology can help you safeguard your customers' data.
Tackling credit and debit card fraud is no small task. That's why it takes a multilayered approach to protect customer data.
Although you can't stop data thieves from targeting your business, you can help prevent them from stealing your customers' credit and debit card information by integrating multiple layers of security into your business practices.
PCI (Payment Card Industry) compliance
Small or large, every merchant that accepts card payments should comply with the PCI Data Security Standard (PCI DSS), the foundation of a layered security approach. Developed by the PCI Security Standards Council, the PCI DSS includes procedures to secure card readers, point-of-sale (POS) systems, retail store networks, wireless routers, data storage and transmission, and paper-based records.
To be certified as PCI-compliant, you must follow and continually repeat a three-step process:
Assessment: identifying cardholder data, taking inventory of IT assets and business processes for payment processing, and analyzing vulnerabilities that could expose cardholder data
Remediation: fixing vulnerabilities
Reporting: compiling required remediation validation records and submitting them along with compliance reports to the acquiring bank and card brands with which you do business
PCI requirements are regularly updated to keep up with the latest in security. Information about PCI compliance may be found at www.pcisecuritystandards.org. Work regularly with your payment processor to ensure PCI compliance.
Encryption and tokenization
Encryption and tokenization can further enhance data security:
Encryption secures payment data transmitted over networks by converting it into a cryptogram that's difficult for hackers to decipher.
Tokenization secures payment data stored in merchant systems by replacing account numbers with randomly generated numbers known as tokens.
Your payment processor can provide information about encryption and tokenization solutions that can help secure customer data.
EMV chip card technology
For businesses that take in-person payments, accepting EMV chip cards is an important layer of security. Chip cards have an embedded microchip that's more difficult to counterfeit than the standard magnetic stripe. Information on a chip card changes with each transaction, ensuring even more security.
More than 70% of Americans have at least one chip card,1 which have already reduced the percentage of in-person counterfeit fraud by almost 40%.2
No one solution can protect your business from cyber thieves, but layered one on top of another, multiple solutions can provide maximum protection.
For secure payment processing solutions, visit a local Wells Fargo location and ask about Wells Fargo Merchant Services or visit wellsfargo.com/biz/merchant.
2 Visa Chip Card Update: September 2016