Protecting customer data: Where Microsoft Dynamics ERP users can start

The well-publicized Target credit card security breach that surfaced during the holiday season has put a brighter spotlight on how sensitive data is captured and shared - both in the business-to-consumer (B2C) and the business-to-business (B2B) environments. Forty million credit and debit card accounts - and the personal information of 70 million Target customers - were believed to be involved in the breach, which has received massive media attention and Homeland Security scrutiny.

The Dynamic Edge

Henry Ijams, managing director at Charlotte, NC-based PayStream Advisors, says Microsoft Dynamics customers whose systems manage massive volumes of data have specific options in place to ensure that sensitive data is not stored in their accounting systems. "The best practice for keeping that data secure is to [use] a credit card processing company and not retain the information in your accounting system," explains Ijams, who adds that B2B organizations should also avoid storing credit card expiration dates and customer addresses in their ERPs.

Instead, Ijams suggests using a third-party, PCI- compliant encrypted site. Introduced in 2006 with the origination of the PCI Security Standards Council, the Payment Card Industry Data Security Standard (PCI DSS) protects credit card users from security breaches. PCI Security Standards include PCI DSS, Payment Application Data Security Standard (PA-DSS), and PIN Transaction Security (PTS) requirements.

PCI DSS is a set of policies and procedures intended to optimize the security of credit, debit, and cash card transactions and protect cardholders against misuse of their personal information, while PA-DSS is a standard for developers of payment applications.

"Everyone who touches credit cards is responsible for ensuring the safeguarding of those cards," says Ijams. "To be in compliance and avoid potential problems, ...