I have a hunch: as a merchant, keeping your shoppers secure is of utmost importance to you. But PCI-DSS requirements can be overly technical, confusing, or simply not applicable to your situation.
When holiday shopping season rolls around, you might feel as though you're simply hoping for the best.
Here are 4 practices to turn your best intentions into actions. The best part? They aren't super technical.
1. Read over your last completed PCI-DSS self-assessment.
Since this step may have a more technical side to it (depending on your PCI-DSS level), we're putting it first so you can get it out of the way.
The main goal in reviewing your most recent self-assessment is to uncover any tasks you put on your to-do list...and subsequently forgot about. Self-assessments have the downside of requiring self-enforcement; tasks can fall through the cracks when you're focused on running your company.
Beyond that, a review of your questionnaire can help boost your confidence in your company's payment card security practices.
If you need help completing or reviewing a self-assessment, contact us. We perform security evaluations and offer PCI-DSS compliance services.
2. Give your customers an email address and phone number where they can report phishing attempts.
Even if you're a small fish in a big pond, don't assume hackers haven't noticed you. Hackers are increasingly targeting smaller businesses with the (good) assumption that their security resources are slim to none.
Cyber criminals have likely been planning holiday phishing attacks since New Year's Day, 2017, attacks which use inside information from hundreds of small to mid-size businesses, including employee names, URL spoofs, and logos.
Let your customers know how they can alert you of any suspicious activity in your name, and keep a vigilant eye on your inbox.
3. Monitor vendor alerts and feeds.
In addition to keeping the lines open with your customers, keep an ear out for alerts (email, social media, and/or phone) from your Card Scanner and Point of Sale vendors. For most of you, the bulk of the PCI-DSS requirements fall squarely on their shoulders. And as we know, no company is immune to a breach.
Monitoring your vendors' newsfeeds will help you respond immediately if a breach occurs. Similarly, keeping their security contact information on hand allows you to immediately inform them of any suspicious activity you notice.
4. Educate your customers
Share credit card safety tips (like the ones in this article) online via your social media profiles and/or post them in your place of business.
Enjoy the rush of the holiday shopping season—in safety.