Rising Problem of Identity Theft
The increased use of the Internet has caused a rise in the electronic
theft of credit card information from merchants. Many fraudulent card
transactions are directly connected to identity theft from another
merchant. These incidents reduce consumer confidence and increase
costs to consumers, merchants and their supporting banks.
The increase in identity theft has prompted the credit card
associations (American Express, MasterCard, Visa and Discover) to
establish security requirements for merchants. Compliance with these
requirements will increase consumer confidence while reducing identity
theft and fraud.
Card Association Security Programs
The card associations have established the Payment Card Industry Data
Security Standard (PCI DSS) for merchants. All major card associations
have endorsed this program.
Enforcement of these standards varies among the card associations. Visa
and MasterCard rely on acquiring/member banks to enforce compliance
among merchants.
Consequences of non-compliance include: fines, expensive recovery
costs, and/or the loss of a merchant's ability to accept card
transactions. These consequences are being applied to organizations
that ignore compliance deadlines or experience card data compromise,
regardless of deadline dates.
Merchant Requirements
Every merchant that "stores, processes or transmits" cardholder data
electronically is affected by the PCI Data Security Standards (PCI
DSS). It is important to realize that this is not only an e-commerce
standard.
By definition, a card transaction means that a merchant is transmitting
data electronically; thus, all merchants have a responsibility to
ensure PCI DSS compliance.
The extent of each merchant's compliance requirements varies depending
on the volume of cards processed, handled or transmitted and the
transaction tools used by the merchant.
Many merchants have felt that their use of a third-party service
provider removes them from the PCI DSS requirements. A merchant's use
of a third-party provider, hosting company, gateway, etc. does not
remove the responsibility from the merchant to ensure compliance.
"If there are any service providers handling cardholder data on an
entity's [merchant's] behalf, the entity must ensure that
contracts with these service providers specifically include CISP [PCI
DSS] compliance as a condition of business."
SecurityMetrics is the company
we have chosen to perform Quarterly Scans of our "external-facing" IP
addresses (our public website, www.MYREST.com), web servers, virtual
hosts, email servers, DNS servers, firewalls, routers, application
servers, and especially custom-developed e-commerce applications.
This security test is commonly referred to as a Vulnerability
Assessment and uses hacker techniques to discover security weaknesses
in our computers, servers and networks. Merchants are determined
"compliant" when each IP Address and URL receives a passing status.
We are proud to display the "Identity Theft Protected" logo as a symbol
of our compliance with these standards, and our ongoing commitment to
keep your information safe.