Data security for retailers is more than protecting POS transactions!
2. Every system can be hacked; your goal is to mitigate your risk.
3. Your connection to the internet is your most vulnerable access point.
3. Keep your firewalls and antivirus software updated.
4. Make a list of all third-party vendors that have access to your customer data (outside marketing companies, vendors, etc.).
5. Evaluate how your e-commerce site processes credit card transactions. Card-not-present transactions, specifically e-commerce and phone orders, are out of scope for PCI compliance. The merchant is responsible for fraud that occurs in these “card not present transactions”.
6. Becoming EMV compliant is not mandated at this point, but retailers that are not compliant bear the liability for fraudulent transactions, and customers feel their data is more secure with stores that can process chip-based credit cards.
7. As more merchants come online with the new chip-enabled credit card devices, more fraudulent activity will migrate to e-commerce “card not present transactions”.
8. Passwords should be reset monthly, be a minimum of fifteen characters, and use numbers, upper- and lower-case letters, and symbols.
9. Meet regularly with your staff to review data security issues and best practices to keep data safe.
10. Monitor and enforce your internal data security policies.