Credit card acceptants are a potential target for (computer) criminals who aim
to acquire credit card data by hacking the computer systems of e-commerce
and Mail Order/Telephone Order (MOTO) acceptants. To this end they
exploit (internet) security weaknesses.
Customer and credit card data theft can result in:
- image loss for your company (victimised card holders, loss of customers)
- considerable fines for your company (> € 10(0).000)
- (temporary) suspension of your credit card acceptance facilities
- liability for re-issue costs of credit cards
- fraudulent transactions that cause damage to cardholders and (internet) merchants
Credit card data storage: what is allowed?
In order to minimise the risk of theft and the related potential image and financial damage, EMS stipulates that:
- temporary or permanent electronic storage of card number(s), whether or not in combination with the expiration date, is prohibited. Electronic storage is allowed only under strict additional conditions (such as PCI DSS validation*) and with the explicit permission of EMS;
- temporary or permanent storage of the CVC security code is never allowed;
- credit card data stored physically (e.g. on order slips, notes) should be made illegible after authorisation.
* PCI DSS validation: (third party) certification of your systems and procedures with respect to safe storage of credit card data.
‘If you don’t need it, don’t store it’
We cannot put it more simply: when you don’t have to store credit card data, just make sure you don’t. Payment
Service Providers offer payment solutions that prevent credit card data
from ‘penetrating’ your systems and being stored (often unknowingly). It
is relatively simple for yourself or your website developers to
integrate your check-out system with the payment environment of the
Payment Service Provider.
‘Masking’ credit card data on paper is the simplest and most efficient means to prevent storage on paper.
Download the Storage of credit card data brochure for more
information on storing credit card data. The brochure deals in great
detail with the acceptance procedures which are and aren’t allowed, as
well as with the payment solutions and measures which can greatly reduce
the risks.
EMS advises reading this brochure in conjunction with the brochures ‘Credit card Fraud & Prevention’, ‘Chargebacks & Prevention’ and ‘MasterCard SecureCode & Verified by Visa’.