Credit cards have become one of the most dominant forms of currency in America. With the convenience of things like online shopping and being able to use your credit card almost anywhere you go, fears of identity theft and other serious scams are rising. Add clever hackers and thieves into the mix and it is easy to see the importance of credit card security for the everyday person.
Visa and MasterCard International have compiled a set of 12 guidelines called the Payment Card Industry (PCI) Data Security Standards. These guidelines regulate transactions between the credit card companies and merchants. Even though they were put in place back in 2005, some merchants have been better at implementing these rules than others. Now, Visa and MasterCard have threatened to stop doing business with merchants who don't fall in line. These companies also face other penalties such as fines.
Discover Card has also stepped up its security with the Secure Online Account Number Program. This program substitutes a random number in place of your account number when it sends your information to the merchant. When the merchant verifies the substituted number with Discover Card, it links back to your account. With this system, the merchant never sees your true account number, and therefore can't steal it. The random number gets deleted once it's used, preventing anyone from copying it and trying to use it illegally.
Updated Security Standards
The new PCI Data Security Standards require that merchants submit a scan of their payment software to Visa and Mastercard. The software scans are searched for vulnerabilities and must be submitted by the middle of the year. Prior to this, merchants only had to verify that no security holes existed in their network.
On the downside, merchants will now have more alternatives to using encryption when securing consumer data, such as firewall and access controls.
Why is this change happening? Older payment systems, that many merchants still have, can't support new encryption technology.
Is there such a thing as cyber credit card security? We've all heard horror stories of the hackers out there breaking into unbeatable systems; even successful movies have been made on the topic. With so many threats looming over cyberspace shopping, how can you ensure credit card security?
Some online merchants require that your billing address and shipping address match. This way, hackers who have managed to steal your account number but don't know your billing address cannot use your credit card to purchase anything. Additionally, if someone steals your card and tries to use it online, the merchandise has to get shipped to your address.
In other places, third party systems help to ensure credit card online security. One example is VeriSign's Secure Sockets Layer (SSL). Merchants using this system receive two keys from VeriSign. They use the public key to encrypt information and the private key to decipher it.
The card security code (CSC) is also known as the Card Verification Code (CVC). It is found on all credit and debit cards and it helps to protect against fraud. The first code, called the CVC1, is encoded within the magnetic strip of the card. The merchant retrieves it when swiping your card through their machine.
The second codes is called the CVC2, also known as the Credit Card ID. This is the code often requested by online merchants. It is used when you're shopping over the phone or on the Internet, or essentially any time you aren't physically present with your card while shopping.
How do you find your credit card security code? It is always either a 3- or 4-digit number located somewhere on the card.
MasterCard, Discover, and Visa all have a 3-digit number on the back of the card. It is the final grouping of numbers printed after the signature strip. MasterCard calls this number the Card Validation Code, Visa calls it the Card Verification Value, and Discover calls it the Card Identification Number. That may be confusing, but they are all the same thing.
American Express has a 4-digit code on the front of the card above the account number, and they call it the Unique Card Code. It is printed flat on the card and is not embossed like the account number.
If someone manages to steal your account number online, it is less likely that they'll also have your security code. Visa goes a step further and bans online merchants from storing the security code number once the transaction is complete. However, if the credit card is physically stolen, then the thief will know the account number and the CVC and it won't protect you.
Encryption systems are still the best way to keep your data safe. Merchants both in the real world and in cyberspace, or third party systems like VeriSign, do provide a great deal of protection that should allow you to use your credit card without feeling threatened. Nothing is a complete guarantee, but those steps do help keep you and your financial information safe.