Hear Ye, Hear Ye!
Are you accepting Credit Cards over email?
To that, the CyberGnome says BOOOO!
The two situations where I most often see organizations accepting credit cards over email are mom-and-pop businesses that sell a service rather than a product, and non-profit organizations that collect money for registrations. These organizations aren’t doing thousands of transactions a day, but the sad thing is they are often the most vulnerable to malicious attacks.
Remember, email is a fantastic tool that was set up to meet the cybersecurity standards of 1971. Bank-issued Credit Cards got their start in the late 1950s. Combining these pre-digital age tools in our current internet landscape is a recipe for disaster.
So, if you read this cranky blog and realize that you are still sending credit card information via email, one of three things will happen. Your digital HOUSE IS ON FIRE! You need to resolve this problem as soon as possible, and it’s probably not going to be as expensive as you think.
A few questions to ask yourself are:
1. Does my current IT team know that I’m accepting credit cards over email?
2. Do I have an IT team that provides proactive support?
If you answered no to either of those questions, it’s time to seriously consider putting the proper resources in place.
Some fundamental standards for PCI (Payment Card Industry) compliance are:
· Card verification codes cannot be retained after authorization, even if encrypted. If a code is in an email, it is probably being retained.
· Credit card numbers need to be encrypted whenever they are transmitted over the Internet. If they are in an email, they probably aren’t being encrypted.
Accepting payments safely and effectively is the lifeblood of any organization and should be given due attention. Protecting Credit Card information can be highly complex. We work to ensure you understand why this is important and that, as you update how your company does business, you’re able to handle this sensitive information safely and easily.
Don’t try to wing it with PCI compliance.
Our Comprehensive Solutions Framework Includes:
· Pre-approved Scans: Identifying network vulnerabilities through trusted partners. We hold ourselves to the highest standards to make sure you’re protected.
· Customized Training: Equipping every employee with the knowledge to protect sensitive data effectively. Just like you expect every employee to protect your organization’s physical space, it’s important to also have everyone protecting your digital space.
· Specialized Hardware: We want this critical work to be as easy for you as possible. We have proprietary hardware that streamlines your network setup and enhances security protocols.
· Ongoing Policy and Procedure Updates: Cybersecurity is not a one-and-done conversation. As part of our regular business, we ensure your business stays aligned with the latest compliance requirements.