|
|
|
|
|
|
|
|
Credit card accepting merchants make a potential target for (computer)criminals. They are aiming to obtain sensitive creditcard data by breaking into computer system(s) and premises of E-commerce and Mail Order-Telephone Order (MOTO) merchants. They use the vulnerabilities in the merchant’s (internet) security to their advantage.
The theft of customer- and credit card data could have major impact on your business:
- Brand damaging: negative media attention, duped cardholders, loss of customers.
- Substantial fines and penalties to be paid by your company (more than € 10(0).000)
- fees for the re-issuance of creditcards (> € 20 per compromised creditcard) to be paid by your company).
- (temporarily or permanent) termination of credit card acceptance.
- Fraudulent transactions: cardholders and other (internet) merchants could be duped by fraud that follows the card data compromised at your merchant location.
Storage of Creditcard Data: what is our policy?
To minimize the risk of a data compromise at your merchant location, EMS card policy is as follows:
- Temporarily or permanent electronic storage of card numbers (whether or not in combination with the expiry date of the card) is not permitted. Only under strict additional acceptance conditions (PCI DSS validation*) and written approval of EMS card prior to the storage, merchants may be allowed to store creditcard data.
- Temporarily or permanent storage of the CVV2 or CVC2 security code is under no circumstances permitted.
- Creditcard data must be made indecipherable (truncated) in case this data is stored ‘physically’ (e.g. on vouchers, memo’s and order forms).
* PCI DSS validation: expensive, time-consuming and returning validation of your systems and procedures by a independent third party to ensure creditcard data is securely contained.
‘If you don’t need it, don’t store it’
There is no simpler way we can put it: if you do not need to store creditcard data, please ensure this does not happen. Payment Service Providers (PSPs) offer payment solutions which prevent that creditcard data touches your systems and (often unaware!) is stored. Your website developer or PSP can assist you with the integration of your shopping-cart-software with the payment environment of your PSP. The truncation of card details stored on paper (make them unreadable) is the most simple and cost-effective solution to prevent physical storage.
For more detailed information on Data Storage, PCI DSS and to determine what data storage means to your business, please request the folder ‘Storage of Creditcard Data’ at our E-commerce Desk. Please contact us on +31 (0)20 66 00 595 or via email salessupport@emscard.com.
The purpose of this folder is to inform you what acceptance channels are permitted, which acceptance methods are allowed and which measures should be taken to safeguard data to minimize your risk.
We recommend that you read this folder also together with the folders ‘Creditcard Fraud & Prevention’, ‘Chargebacks & Prevention’ and ‘MasterCard SecureCode & Verified by Visa’.
|
|
|
|
|
Please fill in our request an offer form for a tailor-made pricing proposal |
|
|
|
|
|
|
Do you want to know how Trustwave & EMS card can help with your PCI DSS compliancy?
Download our information flyer
|
|
|
|
|
