According to cyber threat intelligence company Sixgill, the first half of 2019 alone saw a record number of credit card thefts. More than 23 million credit cards were stolen worldwide, with about two-thirds of those cards being stolen here in the United States. And while physical theft is still–and will always be–an issue to a certain degree, the rising concern is theft of credit card information online.
Any organization that handles credit card payments needs to be educated on these numbers while it complies with the Payment Card Industry Data Security Standard (PCI DSS), which is a set of 12 binding compliance requirements made to ensure that card data is handled in a secure and safe way, and reduces the possibility of data breaches.
The rules around PCI DSS state that stored credit card data must be encrypted at all times and various items, such as the 3-digit security code on the back of a credit card, cannot be stored anywhere once a payment has been completed and authorized. Public sector companies have to follow these steps and are required to meet the standards of PCI DSS and other strict regulations.
Each industry has its own diverse challenges when it comes to credit card payments and theft. The public sector, which includes the military, law enforcement, and public services, is not immune to these challenges. A strong security strategy to combat credit card theft must address people, technology, and processes. The PCI DSS gives organizations a base outline of requirements to build a strategy off of.
Besides the DSS’ requirements, there’s the Payment Application Data Security Standard (PA-DSS), another set of requirements for payment processing software, and PIN Transaction Security (PTS), which helps set a course for the physical hardware that is needed to conduct secure payment transactions.
Public sector organizations can check with their software, hardware, and service providers and ask if they are compliant with PA-DSS and PTS requirements while also confirming that they are not storing credit card data that is not necessary.
There may be more requirements to implement, but if an organization begins its journey with security as its base, compliance will ultimately follow.
Professional Governmental Underwriters, Inc., is a full-service risk management company dedicated to assisting public, educational and non-profit entities in the management of their professional liability exposures including educators liability insurance. We are dedicated to providing state-of-the-art professional underwriting management and loss control advisory services on behalf of our designated carriers. For more information, call us toll-free at (800) 586-6502.