<img src="https://certify.alexametrics.com/atrk.gif?account=b2hlr1ah9W20em" style="display:none" height="1" width="1" alt="">
    Login
    Get started

    8 top tips for protecting cardholder data

    Published on 27 Sep 2017 by Lynne Callister

    protecting cardholder data

    According to half-yearly figures released by the Financial Fraud Action UK (FFA UK), between January - June 2016:

    • Financial fraud losses across payment cards, remote banking and cheques came to £399.5 million (of which £321.5 million was lost via payment card fraud)
    • £678.7 million of fraud was detected and prevented by banks and card companies over the same period protecting cardholder data(£475.7 million via payment card fraud)
    • E-commerce card fraud came to £156 million, with £49.5 million due to lost or stolen cards
    • A total of £28.9 million was lost due to retail face-to-face fraud, excluding contactless payments

    Earlier this month, members of a Blackpool-based gang were sentenced after fraudulently obtaining bank cards to steal over £300,000. Preston Crown Court heard how some gang members posed as genuine account holders to order new debit and credit cards and PINs, which they then managed to intercept in the post.

    The fraudulent activity was spotted by Lloyds Bank and Barclays, who flagged it to the Dedicated Card and Payment Crime Unit (DCPCU).

    Top tips for protecting cardholder data:

    protecting cardholder data

    1. Keep cardholder data storage to a minimum - only keep data that is required for business, legal or regulatory purposes and make sure that it's kept for a limited time only. Regularly purge data which is no longer needed and dispose of it securely.
    2. Watch what you store - you must never store magnetic stripe data, CAV2/CVC2/CVV2/CID, or PIN numbers under any circumstances. And, don't store plain copies of credit cards anywhere.
    3. Use masking to hide sensitive authentication data - the first six and the last four digits are the maximum number of digits you can display. Anything else must be 'masked'. Masking is required for all credit/debit cards and prepaid cards, bank statements, receipts, and emails containing payment details.
    4. Avoid writing cardholder data down - for example, when taking payment. Key the information directly into payment systems instead.
    5. Make sure that all sensitive authentication data is rendered unrecoverable - once it's been used.
    6. Never transmit PINs or other sensitive authentication data without secure encryption - if there's a genuine business need to collect or store cardholder data, then encourage customers and partners to use a secure upload facility for this.
    7. Follow your firms established procedures at all times - to protect keys used to secure stored cardholder data against disclosure and misuse (including key-encrypting and data-encrypting keys).
    8. Change vendor-supplied settings and passwords - you'll be vulnerable to attack if you don't bother removing system default settings or change vendor-supplied passwords. Remove or disable default account settings before installing any payment system.

    Want to know more about Fraud Prevention?

    As well as 30+ free compliance training aids, we regularly publish informative Fraud blogs. And, if you're looking for a Fraud Prevention training solution, why not visit our Compliance Essentials course library.

    If you've any further questions or concerns about Fraud Prevention, just leave us a comment below this blog. We are happy to help!

    Leave a comment

    Tick

    Free Trial: Compliance Essentials

    Skillcast Essentials is our best-selling library and there's a reason for that. Essentials library provides comprehensive coverage of the key compliance / conduct issues that companies in the UK face today.

    Request now

    What are the Best Workplace Learning Theories?

    Learning theories have been developing for decades, each has their own merits. We look at six of the most well established theories to explain how you can use them to improve outcomes. When designing ...

    Read More
    Biggest GDPR Fines of 2019

    Penalties for breaching the GDPR can reach up to €20 million or 4% of annual global turnover, whichever is highest. We examine the size and reasons for the biggest GDPR fines of 2019. Ever since ...

    Read More
    Highest FCA Fines of 2019

    The FCA issued a record total of £392 million in fines in 2019. In fact, the two largest fines in 2019 were larger than the 2018 totals. We've analysed they key corporate and individual fines in ...

    Read More
    Why a Blended Approach Drives Engagement & Learning Outcomes

    It is critical that you provide training that engages your learners, but should that be face-to-face, e-learning, mentoring or something else? We explain how to blend for success... Whilst compliance ...

    Read More