Global Merchant Tips and News

All about providing offshore merchant accounts, offshore credit card processing, Internet billing, and web gateway software for online businesses, for international and domestic companies, etc.

Syndicated From: http://gmerchant.blogspot.com/

Conducting Security Reviews of Merchant Websites for Added Safety

Online scams and credit card fraud are rampant! Although new technology to curb the problem appears regularly, it does little to stop fraudsters. To protect both merchants and their clients, having a security company conduct regular security reviews of merchant websites is a great idea.

The following factors must be checked while conducting these security reviews:
- The CVV or any other critical data must not be stored by the merchant, on disk or otherwise. This information must also never be transmitted unencrypted.
- Ensure that merchant websites undergo remote network vulnerability scanning, penetration testing, and on-site vulnerability assessments.
- Card data that is stored or transmitted must be encrypted. A good idea would be to use different layers of encryption when transmitting sensitive data over the Internet, especially over insecure channels such as wireless networks in public places.
- Furthermore, credit card information must not be stored in any form on any publicly accessible system.
- Prevent intrusion into your systems that contain client information by maintaining and strategically placing a firewall and intrusion detection/prevention systems.
- Verbose logging must be enabled on all security devices and services that handle Card data. Logs and system statistics should be analyzed and reviewed regularly.
- Utilize build/patch, change control and incident response policies built on industry standards.
- User-level access should conform to an industry standard password policy. All remote and administrative access must be encrypted.
- Wireless access points must require authentication and encryption.
- Systems that store and/or transmit Card data must utilize current anti-virus software.
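
An added example, not part of the original post: a small scanner a reviewer could run over application logs or exported files to check two of the items above together, namely that no CVV is stored and that verbose logs do not themselves capture card numbers. The CVV field-name list and the sample log lines are constructed assumptions; the card numbers are the publicly documented test numbers.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes.
PAN_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")
# Field names often used for the verification value (assumed list, extend as needed).
CVV_RE = re.compile(r"\b(cvv2?|cvc2?|cid)\b\W{1,3}(\d{3,4})\b", re.I)


def luhn_ok(digits):
    """Luhn checksum: filters out order ids, tracking numbers and timestamps."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask(digits):
    """Keep first six and last four digits so the report does not leak the number."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def scan_line(line):
    findings = []
    for m in PAN_RE.finditer(line):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            findings.append(("PAN", mask(digits)))
    for m in CVV_RE.finditer(line):
        findings.append(("CVV", m.group(1).lower() + "=***"))
    return findings


def scan(lines):
    """Return (line_number, kind, masked_value) for every finding."""
    return [(n, kind, shown) for n, line in enumerate(lines, 1)
            for kind, shown in scan_line(line)]


# Constructed sample log lines.
SAMPLE_LOG = [
    '2024-01-01 10:00:01 INFO order=1001 status=authorized last4=1111',
    '2024-01-01 10:00:02 DEBUG payload={"card":"4111 1111 1111 1111","cvv":"123"}',
    '2024-01-01 10:00:03 INFO tracking=1234567890123456 carrier=ups',
    '2024-01-01 10:00:04 DEBUG pan=5555-5555-5555-4444 exp=12/30',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Any finding means card data is reaching disk in clear text; the usual fix is to mask or drop those fields before the log call rather than to reduce logging.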
