Protect card data with these resources

posted by Amanda Holmgaard on Wednesday, March 13, 2019 in SHAZAM Blog

A 2018 Gallup poll reported that 23 percent of households had personal, credit card or financial information stolen by computer hackers. This was down slightly from the previous year which reported 25 percent of households had been victimized. While this is a slight downward trend, continued vigilance is a must to ensure data security.

As payment systems become more complicated, the data that needs to be secured also becomes more complex. To help small merchants protect themselves and their customers, the Payments Card Industry Security Standards Council (PCI SSC) has published these easy-to-use tips to practice safe payments.

Ways to be more secure

PCI SSC’s tips offer ways to protect cardholder data and payments. Implement these cost effective, strong steps to help mitigate risk:

  • Use strong passwords. Many pieces of equipment and out-of-the-box software come with pre-loaded passwords, such as “password” or “admin.” These should be changed immediately to a phrase that includes a combination of upper and lowercase letters, numbers and symbols — PCI SSC uses “B1gMac&frieS” as an example of a strong passphrase. Each employee should have their own unique passphrase and it should be changed every three months.
  • Store only the data you need. Limit risk by accepting payment details over the phone or through the mail rather than allowing customers to include this sensitive information in email or text messages. If it’s necessary to keep card data in a paper format, obscure the data with a thick black marker and store in a locked drawer or safe. The best way to protect against data breaches is to not store card data at all — consider what data is truly necessary for your business to keep.
  • Inspect payment terminals. Keep a list of all payment terminals and attach photos of all sides and connections that employees can refer to when checking for skimming devices. Keep all terminals out of customer reach when they aren’t being used. Be sure to check these devices every day against the photos before accepting any transactions.
  • Install patches from your vendors promptly. Hackers commonly exploit bugs or vulnerabilities in software, which is why it’s important to always install new patches as soon as you’re notified by the vendor. When working with a new vendor, ask how often you’ll be alerted about patches and how you’ll receive installation instructions.

For added security, implement these steps in addition to the steps you’re already taking to protect your data. For a full listing of resources, visit PCI's website.


  1. card
  2. fraud
  3. security

SHAZAM, Inc. and ITS, Inc. provide this blog for general informational purposes only. Our blog may be shared by a direct link wherein the content remains as originally presented and has not been altered. SHAZAM, Inc. and ITS, Inc. assume no responsibility for errors or omissions in the contents on the blog. By using this blog, reader agrees that the information published does not constitute nor is a substitute for legal advice which should only be sought from a qualified, licensed attorney. 


comments powered by Disqus