Merchant Account Security

For people who have merchant accounts, merchant account security isn’t just something desirable: it’s required! Merchants who accept credit card payments must incorporate the Payment Card Industry (PCI) standards for online transactions. These standards were arrived at by the Payment Card Industry Security Standards Council (PCI SSC), which consists of key players in the payment industry: American Express, Discover, JCB, MasterCard, and VISA.

An important part of the standards are the Data Security Standards (also known as PCI DSS). These are requirements and principles for both online and retail merchants for the safe handling of customer account data—both credit card information and other personal data. When these principles and requirements are followed PCI compliance is achieved.

The Elements of PCI Compliance

PCI compliance includes such things as the use of a secure network, protected by firewalls and non-generic passwords; encrypting cardholder data, instituting a management program to reduce vulnerability using anti-virus protection and other merchant account security practices, limiting access to cardholder data on a need-to-know basis and securing the servers where the data is held physically, and monitoring and testing network security regularly. Also required is PCI compliance assessment, either by a Qualified Security Assessor (QSA) or through self-assessment, as determined by PCI.

Getting Help With PCI Compliance

The demands of PCI compliance may seem challenging for small to middle size merchant accounts, but retailers and etailers. ControlScan is a business developed to provide companies in this size range with PCI compliance solutions. They also provide SSL (Secure Sockets Layer) certificates, offer network penetration testing, and do web application assessments.

The PCI compliance solution provided by ControlScan is called PCI 1-2-3. It is designed to make it easier for businesses to meet the PCI DSS requirements. It is provided in the form of an online tool via a merchant account portal as a subscription service that can be accessed on demand. The package includes what ControlSpan calls “Breach Protection” which is a sort of warranty against a suspected or actual data breach, covering the subscribing merchant account for up to $50,000, with no deductible.

The components of the subscription include:

• A self-assessment questionnaire

• Network vulnerability and web application scanning

• a DSS policy builder

• Professional support via online chat, email, or telephone

A resource library includes information in a variety of formats. It holds articles, blog posts, podcasts and webcasts, white papers and case studies, FAQs, trade publications, and industry links.

If you are interested, a free merchant account security demo is available to parties who register by supplying their email address, first and last name, company name, and phone number, at minimum.