Unless you live under a rock, you’ve most certainly heard about the rampant credit card breaches in several point-of-sale systems, including those at Home Depot, Target, and more. You’ve heard about stolen data from healthcare companies, online dating companies, and government databases. And you’ve been bombarded with lots of technical articles about PCI compliance, EMV chip card readers, anti-virus software, and other technologies meant to prevent these and other breaches from happening.
However, even with all of these reports and resources out there, I am continually surprised to hear that many merchants and their employees, while interrogating their software providers in detail about PCI compliance and chip card readers, often don’t follow the most basic in-house steps to prevent devastating losses.
So here’s a reminder list of ten small things you can and should do, which can make a big difference but which are often dismissed or ignored altogether:
1. Never use a single login for multiple users of any software. Each user should have their own login and password, and should not share them with anyone.
2. Of course, each user should be granted only as much access to the software as they need to perform their job duties – take advantage of those access levels!
3. Merchants should have a simple way to deactivate any user at any time, and should always immediately deactivate any user that leaves their employment or is seen as a potential threat for any reason whatsoever.
4. Always run good anti-virus software on every computer – it will save you from a lot of headaches. There are plenty of free packages out there – there’s no excuse not to do this.
5. Never save your login credentials, or even just your password, to your browser’s memory. If you do, everyone who has access to your computer, whether legitimate or not, has all the access you do to the company systems.
6. Require a CVV number when accepting credit cards in your online store. Criminals with stolen credit card numbers will pass right by your store if you do so – or they will stop and make a purchase if you don’t – and the merchant is liable for the losses, not the bank or the consumer.
7. If your software allows this, as Nexternal does, block access to your online store from countries to which you don’t ship, and block access to your back office order management system from all countries where you don’t have employees using the system.
8. Pay attention to the fraud warnings provided by your eCommerce software and your payment gateway. For example – Nexternal warns the merchant every time a purchase is made from a country that is different from the billing address on the credit card – which can be, but is not always, a fraudulent transaction. Don’t ignore these warnings – vet the purchaser before sending out the merchandise.
9. When using a site for which you have to log in, always formally log out when you are finished – do not simply close the browser window – that leaves you logged in and exposed.
10. Don’t leave your handbag on the seat next to you at the casino (or in other public places) – it’s easy prey for lifting… oh wait – wrong blog post – but you get the point! Tablets, laptops, mobile phones and such should be well-guarded, and password protected for access at all times.
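To show how items 6, 7 and 8 fit together as order-screening logic, here is an added example (not Nexternal code, and not a description of its actual settings); the store policy values, the `Order` fields and the sample orders are all constructed for illustration:

```python
from dataclasses import dataclass

# Constructed policy values for a hypothetical store; a real store's
# country locks and CVV requirement live in its eCommerce admin settings.
SHIP_TO_COUNTRIES = {"US", "CA"}    # item 7: storefront open only to these
BACK_OFFICE_COUNTRIES = {"US"}      # item 7: where staff use order management


@dataclass
class Order:
    order_id: str
    ip_country: str         # country the purchase was placed from
    billing_country: str    # country of the card's billing address
    cvv_provided: bool


def screen_order(order):
    """Apply items 6-8 to one order.

    Returns (decision, reasons): 'reject' for hard policy failures,
    'review' for the country-mismatch warning, 'accept' otherwise.
    """
    reasons = []
    if not order.cvv_provided:                       # item 6: CVV is mandatory
        reasons.append("no CVV supplied")
    if order.ip_country not in SHIP_TO_COUNTRIES:    # item 7: storefront lock
        reasons.append(f"storefront locked for country {order.ip_country}")
    if reasons:
        return "reject", reasons
    if order.ip_country != order.billing_country:    # item 8: warn, do not auto-reject
        return "review", [f"placed from {order.ip_country}, card billed in {order.billing_country}"]
    return "accept", []


def back_office_login_allowed(login_country):
    """Item 7, second half: back office reachable only from staff countries."""
    return login_country in BACK_OFFICE_COUNTRIES


def screen_all(orders):
    """Map order id to decision so staff can work the 'review' queue before shipping."""
    return {o.order_id: screen_order(o)[0] for o in orders}


# Constructed sample orders
SAMPLE_ORDERS = [
    Order("1001", "US", "US", True),    # normal domestic order
    Order("1002", "CA", "US", True),    # possibly a traveller: vet before shipping (item 8)
    Order("1003", "US", "US", False),   # CVV not provided (item 6)
    Order("1004", "BR", "BR", True),    # country the store never ships to (item 7)
]

if __name__ == "__main__":
    for order_id, decision in screen_all(SAMPLE_ORDERS).items():
        print(order_id, decision)
```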
These items are easy to dismiss because you trust the friends and family you work with, it’s a small place with very little public access, or you think you don’t have the time to pay attention to these details. If you don’t think these things apply to you, I’m happy to put you in touch with several merchants who used to think that way, too. Until…
To learn more about how to set up and manage users, require a CVV, manage foreign access, and other points above in your Nexternal system, and for more handy security tips in general, Nexternal customers can contact their dedicated account manager directly. Stay protected!