OCTOBER 2019 | CIOReview
By Vennard Wright, CIO, Iron Bow Technologies

ACCOUNTING FOR ONLINE PAYMENT SECURITY AS A PRACTICE

As consumers and recipients of services from utilities, our least favorite part of receiving those services is paying the bills. As service providers, one of the most obvious areas of concern is securing the information and data related to those payments: customer details and credit card information.

Both concerns violently converge in a number of ways, ranging from fair and equitable pricing to measured transparency around operations when rate and price increases are in order, but perhaps the most vexing challenge lies in security and compliance for online payments.

The Payment Card Industry Data Security Standard (PCI DSS), launched in 2006, governs how companies and entities of any size must accept credit card payments. The PCI DSS is administered and managed by the PCI SSC, an independent body created by the major payment card brands (Visa, MasterCard, American Express and Discover). This means that any entity that intends to accept card payments, or to store, process, and transmit cardholder data, must either host that data securely with a PCI compliant hosting provider or take proper steps to ensure that cardholder data is secure, or face financial penalties of $5,000 to $100,000 per month for PCI compliance violations.

In spite of well-known PCI compliance standards, ten very notable examples of payment data breaches involving the public loss of credit card information still occurred in recent years:

1. Chipotle: point-of-sale data breach in 2017
2. Home Depot: agreed to pay banks $25 million as part of a settlement for its 2014 breach
3. eBay: massive data breach of sensitive data on 148 million customers

CIO INSIGHTS