Meeting The Challenge Of Protecting Personal Data

(NAPSI)-Not protecting customer data can lead to fraud liabilities for small businesses and result in lost customer trust.

While protecting customer data may seem intimidating, it need not be. Financial institutions and card processor companies can help by offering solutions that are designed with the small-business owner in mind.

Heather Johnson, an independent cosmetic consultant with Mary Kay Cosmetics, has a small business with a big customer list that includes friends and family members who trust her with their card information. Protecting that data poses some of the same challenges for her that big businesses face, but Johnson doesn't have an information security department to help her.

Turning to her card processor, ProPay, for help, Johnson discovered that the right solution for her business was as simple as an encrypted handheld card reader that can be as mobile as she is, but is also secure. "I never even see customers' credit card numbers," Johnson said. "I don't have to worry about losing receipts or my customers' personal information. Even if the reader is stolen, the information is protected." The system encrypts the data and, after authorization, deletes any prohibited data elements from the reader that criminals are looking for in order to make counterfeit cards.

For Johnson, the secure reader was also an opportunity to talk to her customers about the steps she was taking to protect their information. "It opens up a conversation about security and makes me look more professional. They trust me."

Visa has been working with small businesses and has invested heavily in advanced fraud-fighting technologies. Its approach has worked, with fraud rates decreasing by more than two-thirds in the past two decades. It is a good information source for small businesses looking to improve data security.

Visa offers these tips to help small-business owners prevent data loss:

• Be sure you are using secure payment software that does not store sensitive card data and adheres to industry security standards. A list of compliant vendors is available at www.pcisecurity standards.org.

• Be sure that your systems do not inadvertently store sensitive cardholder information. Check with your merchant bank or processor to determine what data you may need to retain, and what you must not retain under any circumstances.

• Follow the payment card industry's data security requirements and consider working with a security vendor to complete a vulnerability scan of your systems and a questionnaire. Many merchant banks and processors can provide referrals.

For more tips and information, visit www.visa.com/cisp.