Ask Michigan Retailers

How can I keep my data secure?

Q. My customers trust me with their credit card data. How can I make sure my system is secure from the threat of identity theft?

A. The systems of T.J. Maxx and Marshalls were compromised recently when a widespread security breach potentially exposed more than 40 million customers to fraud and security theft based on credit card data.

Today’s hacker attacks are increasingly sophisticated, and thwarting them requires specialized tools and procedures. Investigators for the payment card industry have analyzed enormous amounts of data in order to learn about the emerging trends regarding theft of personal data.

Visa and MasterCard are able to detect fraud patterns as they emerge and help law enforcement in investigating data breaches.

According to Visa, many point-of-sale systems are still improperly storing too much data, in violation of the payment card industry’s operating regulations. Identity thieves are well aware of these vulnerabilities and target those systems to steal the information.

Visa also has found breaches involving the card security codes found on the back of cards (known as the CVC2, CVV2, CSC or CCID) or the personal identification numbers used with debit card transactions.

Merchants can limit security breaches by not storing full magnetic stripe data, CVV2, PIN numbers or PIN blocks.

Merchants should verify they are not storing prohibited data.
Visa suggests merchants follow these steps:
• Ask your POS software vendor or reseller to confirm the software version does not store full magnetic stripe data, PIN or CVV2 information.
• Review custom POS applications for any evidence of prohibited data storage and eliminate any function that enables storage of this data.
• Confirm that all cardholder data that are stored are absolutely necessary and appropriate for the transaction type.
• Verify that your software version has been validated as compliant with Payment Card Industry (PCI) Data Security Standards. For more information about PCI compliance, see http://www.visa.com/cisp or www.mastercard.com/us/merchant/security/.

Do you have a retailing question? Ask the Michigan Retailers Association
by mail: 603 South Washington Avenue, Lansing, MI 48933;
by fax: 517.372.1303;
by e-mail: mra@retailers.com.