Low Apr
Credit Cards		 Instant Approval
Credit Cards		 Travel Reward
Credit Cards		 Prepaid
Debit Cards		 Bad Credit
Credit Card		 Business
Credit Card		 Student
Credit Cards

March 9, 2009

  • Steps to Visa PCI Compliance, Pt.4
      The comprehensive security blanket.

    Previous...

    Yet more guidelines for credit card-accepting merchants:

    • CVV2 Code: Most honest people never realize the significance of the ‘CVV2' (Card Verification Value, 2nd generation) data. But nearly all credit card thieves do. This is the little 3 or 4-digit number found on the back of VISA cards (on the front of some AMEX cards). This little security feature of the credit card ‘ups' its stolen value considerably. This little code, generally found to the right of the ‘signature strip' makes the difference between stealing under safe cover and being totally exposed. In order to place credit card charges without being physically present (like on-line or over the phone), the CVV2 code is almost always required.

    So this ‘hot little number' must be well-protected. It is verboten to store this number anywhere, after the transaction is approved. This is, perhaps the most serious type of credit card breach. These are so protected, they're not even recorded on the mag stripe.

    • PIN blocks: This secure data is right up there with CVV2's. Even in encrypted form, it's storage is disallowed. As soon as a credit card transaction is authorized, this data must go away. Items like this can show up in the strangest places. Journals and reports. Heaven forbid, ever on a receipt. It's worth the trouble to extensively ensure that these are never retained after authorization.

    • Educational Workshops: All this stuff is so important that VISA has set up seminars and workshops around the country to educate merchants and their management. This education is highly encouraged by the VISA Association for anyone who will be responsible for high-level security like credit card encryption-key management and PIN security. Most VISA-affiliated merchant banks know about this and are glad to get their merchants hooked up the this higher-level security education. Just ask them.

    • Third-party Agents: When it comes to the top-tier of security, VISA keeps a short leash on who is allowed to handle credit card-system POS keys. Therefore, before any third-party agent is to have control or privy of the keys, they must first be approved and registered with VISA by-way-of the contracted merchant bank.

    Back to Articles Main Page

Copyright © 20011, All rights reserved Extra Credit Cards