Small merchants often have only the foggiest notion of what constitutes a secure electronic payment, so a security vendor specializing in Payment Card Industry data-security standards compliance is providing a primer on the subject.

ControlScan Inc. covers the basics in “The Top 5 Security Best Practices for Small Merchants,” a four-color illustrated, 13-page white paper the company hopes independent sales organizations and sales agents will promote to clients.

The Atlanta-based vendor also is publicizing the opinion piece in email campaigns, and merchants may read it on the company’s merchant portal for its customers or on its regular website, Steve Robb, ControlScan senior vice president of products and services, tells ISO&Agent Weekly.

The white paper offers advice in “bite-sized chunks” and represents one of several attempts to “provide information on an ongoing basis,” says Heather Foster, the vendor’s vice president of marketing.

“When working with merchants we try to stick to the basics,” Robb adds. “By emphasizing those five areas we have a good start.”

ControlScan released the white paper May 16 but has been working on security best practices for merchants for some time, as evidenced by the company’s March 28 Web seminar on the subject, Foster tells PaymentsSource.

The company views small merchants’ lack of security knowledge and casual approach to security as invitations to data theft, she says.

In November, ControlScan released its third yearly study on small merchants and the PCI data security standards under the title “A ‘Perfect Storm’ of Complacency.”

The study results indicated the risk of financial loss didn’t motivate many small merchants to comply with PCI, many did not believe complying would make their businesses more secure, and many were not even aware of PCI, according to the company’s website.

To address those issues, ControlScan produced the five best-practices white paper, notes Robb.

Among the best practices, ControlScan suggests merchants recognize that consumers’ personal data are in danger of theft by computer hackers who would use the information for fraudulent purchases. Another calls upon merchants to stop storing sensitive data whenever they can, Robb notes.

When they must store data, another practice says merchants should protect the information with a “well-configured” firewall, he says. Merchants also should train employees to handle data securely and institute procedures to keep data safe, and they should know their data-service providers and make sure each vendor complies with PCI standards, Robb says in rounding out the best practices.

