PCI Best Practices for Merchants
The document outlines PCI security best practices for merchants using the ePayPolicy payment page and phone payments, emphasizing changing default passwords, creating strong unique passwords, securing or destroying paper records of card data, accepting payment details only via approved methods, ensuring service providers maintain PCI Level 1 compliance, and having a response plan for potential data compromises.
PCI Security Best Practices
Recommendations for Merchants When Collecting Credit Card Payments
Assumption
The merchant is accepting payment card transactions via the ePayPolicy payment page and occasional payments via the phone.
People
- 1.Vendor-supplied default passwords are always changed before installing a system on the network. Unnecessary default accounts are removed or disabled before installing a system on the network.
- 2.You and your staff make all passwords for computer access in your business unique and hard to guess: 7 or more characters and a combination of upper- and lower-case letters, numbers, and symbols. Consider using a passphrase as your password; you can make it personal and easy for you to remember. You and your staff use your own user accounts and passwords and do not share with one another.
Processes & Procedures
- 1.If you need to keep paper with card numbers, or card numbers along with card security codes, you make the numbers unreadable, and you secure the paper in a locked drawer or safe with limited access. For example, to make the number unreadable, mark through the number with a thick, black marker such that you cannot see the number from front or back of page if you hold it to the light; or cut the number out.
- 2.You only accept payment details via the ePayPolicy payment page or via phone. If you accidentally receive card data via e-mail, you remove it and let the sender know your preferred method to receive card details—which is via the ePayPolicy payment page or via phone.
- 3.You promptly destroy or shred written account numbers when no longer needed.
- 4.Ensure that all service providers that store, process, transmit, or impact the security of cardholder data are PCI Level 1 Compliant. The agreement includes an acknowledgment that the service providers are required to maintain PCI Level 1 compliance through annual assessments.
- 5.Have a plan in the event you feel there is a compromise. If you feel your customers’ information has been compromised, contact ePayPolicy immediately to notify of the breach. You can also refer to this document from Visa outlining additional precautions to take.
Related
Why PCI Compliance Matters for Insurance
PCI compliance is crucial for insurance agencies to securely handle clients' card transactions by adhering to the Payment Card Industry Data Security Standards (PCI DSS), which protect cardholder data from breaches, and ePayPolicy exemplifies this by maintaining Level 1 compliance—the highest security tier—thereby ensuring customer trust and safeguarding agencies from fines and reputational harm in the increasingly digital insurance payment landscape.
PCI Security Best Practices for Merchants
The document outlines PCI security best practices for merchants using the ePayPolicy payment page and phone payments, emphasizing changing default passwords, creating strong unique passwords, securing or destroying paper records of card data, accepting payment details only via approved methods, ensuring service providers maintain PCI Level 1 compliance, and having a response plan for potential data compromises.
Are these transactions secure? - ePayPolicy
ePayPolicy ensures transaction security by maintaining PCI Level 1 compliance, the highest Payment Card Industry standard, and undergoing annual audits of their systems and processes to protect customer information.
Are these transactions secure? - ePayPolicy
ePayPolicy ensures transaction security by maintaining PCI Level 1 compliance, the highest Payment Card Industry standard, and undergoing annual audits of their systems and processes to protect customer information.
Client Toolkit
The Client Toolkit provides comprehensive resources—including customizable email templates, internal announcements, branded flyers, social media posts, email signature badges, PayNow buttons, 24/7 support, a help center, and video tutorials—to help teams promote and increase utilization of digital payments through ePayPolicy.
How to Choose a Payment Processor for Your Insurance Organization
The article advises insurance organizations to select payment processors that specialize in the insurance industry by offering regulatory compliance, user-friendly interfaces, efficient authorization processes, seamless integration with core systems, PCI data security, and a balance of cost and value, emphasizing the importance of matching processor features to specific agency needs to enhance operational efficiency, compliance, customer satisfaction, and cash flow.