Tips to Become PCI Compliant
In the PCI Compliance Quiz, we talked about the three key steps for complying with the Payment Card Industry Data Security Standard (PCI DSS): Assess, Remediate, and Report. For more information on those steps, go to the PCI Security Standards Council website.
Beyond taking all the steps to become compliant, though, you and your employees can do a lot to prevent credit card fraud by following some simple, but important, practices every day. They don’t involve any fancy technology—just plain old common sense.
Preventing fraud in e-commerce (card-not-present) transactions
- Don’t process credit card orders online unless the customer provides full information.
- Don’t process credit card orders that originate from free e-mail addresses or from e-mail forwarding addresses. Ask the customer for an ISP or domain-based e-mail address that can be traced back.
- If the shipping address and the billing address on the order are different, call the customer to confirm the order. Our payment gateway provides simple tools for assessing addresses at a glance.
- Be suspicious of unusually large orders and of multiple transactions made with similar card numbers in a sequence. They could be legitimate, but call the customer to ask questions and confirm the order.
- Always call the customer to confirm the order first if you’re asked to ship it express, rush or overnight. Credit card cheaters prefer these shipping methods.
- Exercise caution when processing overseas orders, especially if they show any of the characteristics noted above.
- Our risk management department is also on call to assist you, should you ever like to discuss a charge with them.
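The checklist above can also run as an automatic pre-screen that tells staff which orders need a confirmation call. The sketch below is an added example, not part of the payment gateway's tools; the `Order` fields, the free-mail domain list, the home country, the 5x "unusually large" factor and the definition of "similar" card numbers are all assumptions, and e-mail forwarding addresses are not covered.

```python
from dataclasses import dataclass

# Assumed values for illustration; adjust to your own store.
FREE_MAIL = {"gmail.com", "yahoo.com", "hotmail.com", "outlook.com"}
RUSH = {"express", "rush", "overnight"}
HOME_COUNTRY = "US"
LARGE_FACTOR = 5  # "unusually large" = 5x the store's typical order total

@dataclass
class Order:
    name: str
    email: str
    billing: str
    shipping: str
    method: str
    country: str
    total: float
    card: str  # held in memory for comparison only; never log or store it

def _norm(addr):
    return " ".join(addr.lower().replace(",", " ").split())

def _similar(a, b):  # assumption: same length, same digits except the last four
    return a != b and len(a) == len(b) and a[:-4] == b[:-4]

def review_reasons(order, recent_cards, typical_total):
    """Return the reasons to hold the order and call the customer."""
    reasons = []
    if not all([order.name, order.email, order.billing, order.shipping, order.card]):
        reasons.append("incomplete customer information")
    if order.email.rpartition("@")[2].lower() in FREE_MAIL:
        reasons.append("free e-mail address")
    if _norm(order.billing) != _norm(order.shipping):
        reasons.append("shipping and billing addresses differ")
    if order.total > LARGE_FACTOR * typical_total:
        reasons.append("unusually large order")
    if any(_similar(order.card, c) for c in recent_cards):
        reasons.append("card number similar to a recent order")
    if order.method.lower() in RUSH:
        reasons.append("rush shipping requested")
    if order.country != HOME_COUNTRY:
        reasons.append("overseas order" + (" with other warning signs" if reasons else ""))
    return reasons

# Constructed sample data (made-up numbers, not real cards).
RECENT_CARDS = ["4000000000000010", "4000000000000028"]
SAMPLE = Order("A. Buyer", "buyer@gmail.com", "1 Main St, Springfield",
               "99 Dock Rd, Shelbyville", "Overnight", "US", 900.0,
               "4000000000000036")
```

Calling `review_reasons(SAMPLE, RECENT_CARDS, 80.0)` returns five reasons for the constructed order; an empty list means none of the listed warning signs were found.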
Preventing fraud in retail (face-to-face) transactions
- Ask for other identification (besides the credit card), such as a driver’s license or other photo ID. Check to see if the ID has been altered or looks different, since someone using a stolen credit card may also have a stolen or fake ID.
- Carefully view and compare signatures on the credit card and ID card; be wary if the signatures vary, or if a signature looks altered.
- Check the security features of the credit card, including those on the card’s signature panel, as well as embossing and holograms for signs of tampering or alteration.
- Compare the presented card with recent lists of stolen and invalid credit card numbers.
- Call for authorization of the presented credit card and take both the card and the sales slip draft with you when you make the call; then you will still have the card if the customer runs away.
- Just like in e-commerce, our risk management department is also on call to assist you, should you ever like to discuss a charge with them.
