Point-to-Point Encryption (P2PE) protects your customer’s payment data by encrypting it at the point of entry before you send it to your processor. The data can be decrypted only with the processor’s secure key, so even if a fraudster steals the data they can’t use it.
The actions you can take to help prevent fraudulent transactions depend on whether you sell goods online or sell goods in-store.
Selling goods online
Use AVS or 3-D Secure to verify a cardholder’s identity during online transactions.
The Payment Card Industry Data Security Standards (PCI-DSS) are a set of requirements that you must follow to protect sensitive cardholder data.
Sensitive cardholder data is information from a payment card that an issuing bank can use to authorize a transaction.
Address Verification Service (AVS) is a fraud prevention service for card-not-present transactions and keyed transactions.
AVS prompts the cardholder to provide their billing address when they are entering their payment card details at the checkout.
Yes, contactless payments are secure because they use the same encryption and security as EMV transactions.
Fraud screening tools are software that analyzes transactions and indicates if a transaction is likely to be fraudulent. Fraud screening tools provide you with information that allows you to decide whether to continue with the transaction.
3-D Secure is a fraud prevention tool that provides additional security for online transactions. Issuing banks use 3-D Secure to help verify the cardholder’s identity during a transaction.
Note: Using 3-D Secure shifts the liability for chargebacks to the cardholder or issuing bank.
To help keep sensitive cardholder data secure, we recommend that you do the following:
Keep your software and applications up to date
Make sure you have the latest updates for any software or applications on your computer or POS system.
Transport Layer Security (TLS) is an encryption protocol that devices use to protect the data they send over a network. TLS helps to keep your data safe and protects it from attackers.
To comply with PCI-DSS requirements, you must do the following:
Use equipment and systems that comply with the PCI-DSS’s requirements for processing and storing sensitive cardholder data
Educate your employees about the best practices for working with cardholder data
Complete an annual self-assessment questionnaire (SAQ) or an on-site audit by an external assessor each year
Carry out software scans to discover potential flaws in your system
You should also follow our best practices to help you secure your network, which include the following:
Use only PCI-DSS approved PIN entry devices
Use a properly configured firewall on your network and computers
Use strong passwords and change the default passwords on hardware and software
You should not do the following:
Share passwords with employees
Use passwords more than once
Use weak or insecure protocols for connecting to your access point
Connect to access points you don’t trust or haven’t set up yourself
Leave your POS devices unattended