Internet retailers will have to improve their security and data handling processes in order to comply with new requirements published by the credit card industry. The new rules, from Visa and MasterCard, take effect on 30th June.
The Payment Card Industry Data Security Standard – the result of a collaboration between Visa and MasterCard – has the support of other card companies, including American Express, Discover and Diners Club, and represents a concerted effort to tackle identity theft and on-line fraud.It sets out procedures for handling cardholder information in a secure manner, and requires that merchants carry out a quarterly compliance check. All merchants are covered by the standard, although only those carrying out more than 20,000 transactions per year will be obliged to have their compliance verified.In brief, the merchant is obliged:
to install and maintain a firewall to protect data;
not to use seller-supplied defaults for system passwords and other security parameters;
to protect stored data;
to encrypt the transmission of cardholder data and sensitive information;
to use and update anti-virus software;
to develop and maintain secure systems and applications;
to restrict access to data on a need-to-know basis;
to give a unique ID to each person with computer access;
to restrict physical access to the data;
to track and monitor all access to the network and data;
to regularly test security systems and processes; and
to maintain an information security policy.
The requirements are backed by tough sanctions – including heavy fines and the threat of the withdrawal of credit card processing facilities.By using a single standard and enforcing it strongly the credit card industry hopes to stem the tide of identity theft and on-line fraud.Recent highly-publicised consumer privacy breaches include the loss of backup tapes containing the credit card information of 1.2 million federal workers by Bank of America, the loss of around 310,000 customers' personal information to identity thieves at a subsidiary of data broker LexisNexis, and the reported loss of transaction data belonging to around 180,000 customers of fashion house Polo Ralph Lauren.
Most contracts for construction works will include an extension of time mechanism, whereby the contractor will be entitled to an extension of time to the agreed completion date – the date by which the works must be completed – in circumstances where there are delays to a project which are not the contractor’s fault or for which the employer has taken the risk.
UK employers faced with industrial action need to understand the steps that a trade union must take before they can lawfully make a call for industrial action and the timing of those steps.
We use cookies that are essential for our site to work. To improve our site, we would like to use additional cookies to help us understand how visitors use it, measure traffic to our site from social media platforms and to personalise your experience. Some of the cookies that we use are provided by third parties. To accept all cookies click ‘accept all’. To reject all optional cookies click ‘reject all’. To choose which optional cookies to allow click ‘cookie settings’. This tool uses a cookie to remember your choices.
Please visit our cookie policy for more information.
We are processing your request. \n Thank you for your patience.An error occurred. This could be due to inactivity on the page - please try again.