PII is the acronym for the term Personally Identifiable Information — any information that can be used to distinguish or trace an individual’s identity and/or can be linked to an individual’s financial, educational, medical, or employment information. Obtaining PII by any means necessary is the goal of identity thieves and hackers, and it’s up to all of us to keep PII secure and out of their reach.
A definition of data breach provided by the U.S. General Services Administration is “when PII is viewed, leaked, or accessed by anyone who is not the individual or someone authorized to have access to this information as part of his/her official duties.”
Today, data breaches involve not just credit card data but other types of PII as well. Breaches typically result from negligent or malicious insiders, cyber-attacks, malware, stolen or missing IT equipment, outsourcing of data to third parties and non-encrypted emails.
A breach of PII can be catastrophic to the targeted individual, and it can also expose businesses and organizations to legal liability, remediation costs and a loss of public trust.
PII can be broken down into two categories: non-sensitive and sensitive. Non-sensitive PII can be gathered fairly easily from public records like websites, phone books and corporate directories. In general, it can be transmitted in an unencrypted form without resulting in harm to the individual.
Sensitive PII, if disclosed, can result in harm to the individual. It includes Social Security numbers, financial information, passport numbers, driver's license numbers, date and place of birth as well as other demographic, employment and education information.
Cardholder data is considered to be sensitive PII. It includes any personally identifiable data associated with a cardholder such as an account number, expiration date, name, address and Social Security number. All personally identifiable information associated with the cardholder that is stored, processed, or transmitted is also considered cardholder data.
Sometimes businesses have a legitimate need to store cardholder data electronically; for example, for recurring billing purposes. In such a case, the primary account number (PAN) must be encrypted to help keep it secure.
TransFirst® offers merchant services to handle this need. Our Transaction Express® electronic payment gateway includes a virtual terminal that can be used to securely process credit card and ACH transactions from any computer with Internet access. Merchants can use Transaction Express to store credit card or ACH payment information in a customer wallet for future billing or set up automatic customer billing for recurring charges. Transaction Express is a fully PCI-compliant and PA-DSS-certified payment application.
Another useful Transaction Express feature for online merchants is the hosted payment page option. With the payment button tool, customers are automatically routed to a secure, TransFirst-hosted payment page where they can enter their payment data directly into our server, relieving the merchant of the responsibility of receiving, storing and transmitting sensitive cardholder data.
At TransFirst, we are committed to effectively safeguarding PII. We consider data protection a primary responsibility when it comes to serving our merchants.