As the internet grows, so do e-commerce and fraud. Merchants have an obligation to protect themselves and their customers from fraud and potentially compromised data.
At the most basic level are SSL certificates. These help to encrypt the data between the end user and the server. You should see a lock somewhere in your browser indicating that you are in a secure mode.
Secure Scan
HackerGuardian will provide you with a free scan of your website to see if your website is secure. They also offer a daily scan service that comes with a free TrustLogo.
Cardholder Information Security Program - CISP
Even Visa and MasterCard have jumped on board and required some merchants (depending on their level of processing) to be CISP compliant based on transaction volume over a 12-month period.
Merchant Level One - CISP
The following merchants meet Level One:
- Any merchant, regardless of acceptance channel, processing over 6,000,000 Visa transactions per year
- Any merchant that has suffered a hack or an attack that resulted in an account data compromise
- Any merchant that Visa, at its sole discretion, determines should meet the Level 1 merchant requirements to minimize risk to the Visa system
- Any merchant identified by any other payment card brand as Level 1
Merchant Level Two - CISP
The following merchants meet Level Two:
- Any merchant, regardless of acceptance channel, processing 1,000,000 to 6,000,000 Visa transactions per year
Merchant Level Three - CISP
The following merchants meet Level Three:
- Any merchant processing 20,000 to 1,000,000 Visa e-commerce transactions per year
Merchant Level Four - CISP
The following merchants meet Level Four:
- Any merchant processing fewer than 20,000 Visa e-commerce transactions per year, and all other merchants, regardless of acceptance channel, processing up to 1,000,000 Visa transactions per year
CISP Compliancy
To become CISP compliant, you will need at least a quarterly scan by a PCI vendor like ControlScan, and you will need to answer a self-assessment questionnaire. ControlScan will also work with you to become CISP compliant. If you are a Level One Merchant, you will need an Annual On-site PCI Data Security Assessment validated by a qualified security assessor, or by internal audit if signed by an officer of the company.