As the COVID-19 pandemic continues to evolve, we remain committed to the health, safety and business continuity of our customers. As part of that commitment, it's important that we share fraud and security best practices to help protect your business and your customers from breaches during this vulnerable time.
As the Coronavirus has impacted how consumers participate in commerce, many businesses are shifting their day-to-day card processing methods to telephone orders and e-commerce processing. So it's important for you to understand the vulnerabilities associated with these card-not-present transaction types.
A good first step is to complete all critical patches and updates in a timely fashion to thwart cybercriminals looking to take advantage amid the pandemic.
Additionally, with phishing attacks on the rise, criminals are using the COVID-19 pandemic as their subject matter to get your attention. One known attack method is through an email that appears to be from the Government, or another official source which claims to have legitimate information regarding the pandemic. These emails can infect your systems with malware that could compromise your business and card data, so it's important to be increasingly cautious if and when these emails arrive in your inbox.
Ways to keep your business and the sensitive card information you handle safe:
- Review your remote security policies and procedures and ensure all measures are taken, including any change in how you are handling card data during this pandemic.
- Ensure you have strong passwords and limit access to card environments to critical personnel only.
- Review phishing attacks with all of your employees and stress that they use good judgement and report any suspicious activity immediately.
- Visit the PCI Security Standards Council (PCI SSC) website to learn more about COVID-19 online scams and threats.
Remaining PCI DSS Compliant
Staying Payment Card Industry Data Security Standard (PCI DSS) compliant through this pandemic is still essential to securing your business. With travel restrictions and many companies implementing a work from home policy, PCI DSS assessments may not be onsite or handled in the traditional manner. However, please know that they are still crucial and can be accomplished by remote assessments.
The PCI SSC has provided guidance on remote assessments for Qualified Security Assessors (QSA), so you can review this information and understand how your QSA may interact with you. Prior to an assessment, coordinate with your QSA and ensure that both parties agree on the assessment strategy, observation approach and evidence collection methods. Both parties should ensure that these methods still maintain the integrity of the assessment as if it were being completed onsite.
If you have questions or concerns regarding how your QSA is handling your assessment, or as a result of the pandemic, you cannot complete an assessment item while maintaining the integrity of the assessment, contact your acquirer for assistance and guidance.
At Global Payments, we understand the challenges you're experiencing as a result of COVID-19 and are committed to helping you through this time of uncertainty. If you have any questions or concerns about how to approach security in this unprecedented time, please don't hesitate to reach out to PCICompliance.UK@globalpay.com.