01/31/2000

On-Line Payment Security Advice

Las Vegas, January 31, 2000 — Recently publicized accounts of credit card fraud on the Internet are no doubt alarming to consumers and merchants alike. There is no denying that Internet-based commerce is permeating society at a rapid pace. So what can merchants do to ensure the highest level of security to their on-line customers? Shift4 has some advice.

All too often the blame for security breaches, which put consumers’ credit card data in the hands of criminal hackers, falls squarely on the shoulders of the transaction software provider. However, in the recently publicized case of CD Universe, an on-line music seller, some basic systems safeguards could have prevented the incident.

What E-Commerce Merchants should not do:

  • Do not assume that your e-payment software provider is a security expert. Independent resellers with little or no technical expertise often sell credit card processing software without knowledge of security issues.
  • Do not treat the selection of payment processing software as an auxiliary item. How customers pay for your goods and services is essential to your success, so the system that supports these transactions should be regarded as such. If your web development firm is not well versed in security issues, choose another firm or demand that you choose your own payment-processing vendor.

What E-Commerce Merchants should do:

  • Enlist the services of a credit card transaction specialist with expertise in Internet, software, hardware and data security.
  • Invest in firewall security, but DO NOT rely on this single defense mechanism to protect you from every possible threat.
  • Limit all anonymous connections to your web server.
  • Store customers’ credit card data on a non-viewable directory, preferably on a separate server than that of your web pages.
  • Avoid file-based credit card processing software.
  • Look for direct sockets-based credit card processing software.
  • Prevent non-trusted employee’s physical access to web server areas.
  • Disable directory scanning.
  • Be aware that your shopping cart and other web-based software may maintain credit card data, and thus be vulnerable to attack. Secure the data in these applications as indicated above.

What on-line Shoppers should do:

  • Obtain a credit card account with a moderate limit to be used for on-line purchases only.
  • Check your card statement regularly and report suspect transactions immediately.
  • Realize that, purchase for purchase, on-line shopping has been proven to be safer than traditional mail/telephone order or face-to-face shopping.