Data Security

Merchant responsibilities
Data security should be a key component of all your policies and practices related to payment acceptance and transaction processing. As customers seek out merchants that are reputable and reliable, they expect assurance that their account information is being guarded and their personal data is safe.

Secure storage: Merchants are responsible for ensuring that account information is stored in secure, limited-access areas. In addition, merchants are prohibited from storing magnetic stripe information following a transaction and from disclosing cardholder data to anyone, except when it is needed by a merchant bank, card issuer, or third-party processor to complete a sale.

Prevent employee fraud scams: A merchant’s data security policies should also be designed to prevent fraud scams involving collusive employees. Whenever possible, account numbers should be encrypted or scrambled during transaction processing. Unauthorized electronic equipment—such as laptop computers—that can be used to steal or replicate account information should not be allowed in the workplace.

Encryption software: Data security should be of special concern to e-commerce merchants. Encryption software is required to protect account information during online transactions, and merchants must also ensure that account data cannot be accessed online. To make cardholder data "hacker-proof," merchants can either use firewalls—which may include encryption, passwords, or other protections—or store the account data on a computer with no Internet access.