Security standard adopted by card issuers
EMV is a technology standard that defines a set of requirements to ensure credit and debit cards are securely accepted on a common worldwide standard. This security standard is currently used by credit card issuers and merchants in most countries and in the U.S.
In most parts of the world, business owners can take advantage of the security chip by having cardholders “dip” their card into a card reader, where the card can be authenticated. When used with PIN codes, EMV chip cards provide retailers and banks greater confidence that the card user is the true owner by combining something the card’s real owner would have and something only they would know. Because EMV is not universally deployed, however, even chip cards continue to have magnetic stripes that are used to authenticate cards at a traditional point-of-sale device. To take full advantage of all that chip technology has to offer, U.S. retailers need to ensure they have chip readers in their point-of-sale devices.
The chip on EMV cards is a microprocessor that provides a unique code for each transaction, helping prevent card data from fraudulent reuse. Although more secure than a magnetic card stripe, EMV chips do not protect cardholder data once the payment method is validated or while the payment is processed.
Helping protect card data from the moment of swipe
Encryption and tokenization help protect card data from the moment of swipe, when the card data is immediately encrypted and transmitted for processing and replaced with a token. This eliminates the need to store primary account numbers (e.g., 16-digit card number) in your data environment, reducing your liability for card data loss in the event of a data breach.
Change default passwords
Before using a new point-of-sale device or system, change the default password. Incorporate uppercase letters, numbers and symbols in your password, and avoid common easy-to-guess passwords. Change passwords every 60 to 90 days.
No browsing on point-of-sale systems
Do not allow associates to browse the internet on any point-of-sale system, as they could click a malicious link that downloads malware or viruses. This rule also applies to any device that connects to the point-of-sale environment.
Train employees to spot suspicious transactions, compare signatures on the back of the card used and the sales receipt to ensure they match, and obtain signatures on contracts and sales orders when appropriate.
Keep point-of-sale software and firewall systems up to date
Point-of-sale software and network firewalls are vulnerable to malware attacks when updates are not installed in a timely manner.
Maintain terminal safety
Regularly inspect all point-of-sale devices or systems for tampering. Should you suspect tampering, contact your merchant services provider immediately for assistance.
Validate and maintain PCI-compliance
All businesses that accept credit or debit cards must be PCl-compliant: they must meet the payment Card Industry’s Data Security Standards (PCI DSS).
You can learn more on the official PCI Security Standards Council website, where there is a section dedicated to small businesses.
Always request the security code
The security code is typically a three-digit number printed on the back or four-digit code found on the front of all major credit cards. This code acts as an additional security feature that verifies the customer. Ask for this code before processing any transaction.
The best employers teach workers how to spot possible fraudulent transactions. Possible fraud indicators for card-not-present transactions include:
Before you process any transaction:
Whether you are processing a credit card for the first time or managing a recurring payment, merchants should always verify the pertinent card information and receive a customer’s permission to process a transaction. If a customer does not consent, processing the transaction could lead to an “unauthorized purchase” and a chargeback for your business.
For more information on fraud, please consult your Bank of America Merchant Services business consultant.