The rapidly changing circumstances caused by the outbreak of COVID-19 in India have increased our reliance on technology, and data security has become more important than ever. More and more people are conducting their business online and transacting digitally, which now seems to be the preferred mode of payment. Although modern tech-based solutions have enabled us to work faster and better, the risk of cyber fraud and data breaches continues to grow. Several global reports indicate that cyber criminals are capitalizing on the crisis to commit fraud and steal private and confidential information, including payment card data.
Security of payment card data and of the entire payments ecosystem is critical to the continued growth and adoption of digital payments. The PCI Security Standards Council is dedicated to providing the payments industry with the guidance it needs during these evolving circumstances related to COVID-19. Here are the top 5 tips to help businesses protect their customers' payment card data.
Think before you click anything
Cyber criminals use phishing and other social engineering methods to target organizations, sending legitimate-looking emails and social media messages that trick users into providing confidential data such as payment card numbers, merchant account numbers or passwords. Businesses should be extra vigilant and on the look-out for common phishing and social engineering attempts.
Work in a secure remote environment and reduce where data can be found
The situation arising out of COVID-19 has led many of us to continue working from remote locations. Several reports indicate that remote locations have been primary targets for cyber criminals over the last few months. Once cyber criminals gain access to your systems, the payment card data you store, process or transmit becomes vulnerable, and this is mainly because of weak remote access controls.
To minimize the risk of a breach, businesses must effectively manage how and when vendors access their systems. Limit the use of remote access and disable it when it is not needed. If you have to allow remote access, ask your vendors to use multi-factor authentication and strong remote access credentials that are unique to your business and not the same as those used for their other customers.
Businesses that offer alternatives to face-to-face transactions, such as telephone payments, should avoid writing down payment card details and instead enter them directly into the secure payment terminal.
Choose strong encryption & ensure firewalls are configured properly
Strong encryption makes payment card data unreadable to anyone without authorized access, and it can protect payment card data both when stored and when transmitted over networks. Ask your vendors whether the payment terminal encryption is provided by a point-to-point encryption solution and whether that solution is on the PCI SSC's List of PCI P2PE Validated Solutions.
If you are setting up a new website, confirm that the shopping cart provider uses proper encryption, such as TLS v1.2, to protect customers' data. A firewall is a device or software that sits between your network and the Internet. It acts as a barrier that keeps traffic you do not want and did not authorize out of your network and systems. Firewall rules can seem complex, but configuring them properly is vital to security.
Constantly update software & make use of strong passwords
Cyber criminals often look for outdated software so they can exploit flaws in unpatched systems. Timely installation of security patches is important to reduce the risk of data breaches. Constant monitoring through regular software scans is another way to identify security issues; PCI SSC approved vendors can help businesses identify vulnerabilities and misconfigurations in internet-facing payment systems, e-commerce websites and similar assets. The use of weak passwords has also been found to be one of the leading causes of payment data breaches for many businesses. To protect data effectively, passwords must be strong and changed regularly.
Lastly, choose trusted vendors and partners
In any business that deals with sensitive information, it is critical that you know who your solution partners, vendors and service providers are, and what security questions to ask them. You must check whether your service providers adhere to PCI DSS requirements. This is especially important for e-commerce merchants and for those who have started accepting e-commerce payments in lieu of face-to-face payments: your payment service providers must be PCI DSS compliant, including the service providers that manage your payment process.
(By Nitin Bhatnagar: The author is the Associate Director – India at PCI Security Standards Council and holds a Master’s degree in Cyber Law & Information Security from the Indian Institute of Information Technology)