Protect yourself against data theft
How to protect cardholder data and what to do in the event of a data incident. Ensure that your cashless payment transactions are secure.
We take data protection seriously and are committed to protecting cardholder data. Unfortunately, criminals get hold of card data all the time. They do this, for example, with skimming devices that they attach to the payment terminal. Another method is to steal the terminal and replace it with a manipulated terminal on which malware (malicious software) has been installed. Card data that is transferred incorrectly from the terminal to the cash register can also be intercepted. Therefore, only send encrypted card data to the cash register. Last but not least, payment receipts and reports can be stolen.
Unauthorized use of data negatively impacts consumers, merchants and card issuers. The "Payment Card Industry Data Security Standards" (PCI DSS) counter this threat and help strengthen your customers’ trust and confidence. The security standards were developed by American Express, Visa International, Mastercard, JCB and Discover. They are published by the "PCI Security Standards Council" and regulate the technical and operational requirements of all parties that store, process or transmit card data.
Important security measures
Be on the safe side and follow these security tips:
- Change the passwords for your terminals and computers regularly.
- Do not use default passwords that have been preset by the manufacturer.
- Use complex passwords with upper and lower case letters, numbers and special characters.
- Always store and transmit card data in encrypted form.
- Do not store sensitive data such as PIN, CVC/CVV2 or the magnetic stripe.
- Rely on PCI DSS-certified service providers and devices.
- Get advice if you have questions about the PCI DSS.
- Comply with security standards.
As part of your responsibility, we require that you comply with your agreement’s security provisions and the PCI DSS. Please note that we update our policies from time to time. If you have more than 50,000 American Express transactions per year, you are required to document your PCI DSS security measures. However, this is also recommended if you have fewer transactions.
Procedure in the event of a data incident
You must notify us within 24 hours of discovering a data incident, but preferably immediately. To do so, contact the Swisscard Merchant Services team by phone (044 659 64 44) or by email (firstname.lastname@example.org).