PCI Compliance For Your Business
If your business takes debit or credit card payments, you have likely heard of the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS is an information security standard for every organization that stores, processes or transmits payment card data. It is maintained by the PCI Security Standards Council, and its requirements lay out the baseline practices merchants and service providers must follow to protect their customers' payment data.
Compliance is not optional: the card brands and your acquiring bank require it contractually, and following the standard reduces the likelihood that your systems are compromised. The Council itself does not levy fines; after a data breach, a non-compliant merchant is fined by the card brands through its acquiring bank, at amounts commonly cited as high as $100,000 a month, and the bank may also raise transaction fees or terminate the merchant account. PCI compliance for small businesses does not guarantee a breach cannot happen, but it limits the fines and liability you face if one does.
Compliance Goals and their PCI DSS Requirements
The twelve requirements below are grouped under the six goals the standard defines. The wording is that of PCI DSS v3.2.1; v4.0, which replaced it in March 2024, keeps the same twelve requirements but rewords several (for example, requirement 5 now covers protection against malicious software in general rather than "anti-virus", and requirement 1 refers to "network security controls" rather than firewalls).
- Build and Maintain a Secure Network
  - Install and maintain a firewall configuration to protect cardholder data
  - Do not use vendor-supplied defaults for system passwords and other security parameters
- Protect Cardholder Data
  - Protect stored cardholder data
  - Encrypt transmission of cardholder data across open, public networks
- Maintain a Vulnerability Management Program
  - Use and regularly update anti-virus software or programs
  - Develop and maintain secure systems and applications
- Implement Strong Access Control Measures
  - Restrict access to cardholder data by business need-to-know
  - Assign a unique ID to each person with computer access
  - Restrict physical access to cardholder data
- Regularly Monitor and Test Networks
  - Track and monitor all access to network resources and cardholder data
  - Regularly test security systems and processes
- Maintain an Information Security Policy
  - Maintain a policy that addresses information security for employees and contractors
Quick Steps to Security include:
- Buy and use only approved PIN entry devices at your point-of-sale.
- Buy and use only validated payment software at your POS or website shopping cart.
- Do not store any sensitive cardholder data in computers or on paper. Sensitive authentication data (full magnetic-stripe or chip data, card verification codes, PINs) must never be kept after authorization, and the full card number should not be kept at all unless you have a documented business need and render it unreadable.
- Use a firewall on your network and PCs.
- Make sure your wireless router is password-protected and uses encryption.
- Use strong passwords. Be sure to change default passwords on hardware and software; vendor defaults are publicly documented and are the first thing an attacker tries.
- Regularly check PIN entry devices and PCs to make sure no one has installed rogue software or “skimming” devices.
- Teach your employees about security and protecting cardholder data.
- Follow the PCI Data Security Standard.
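A practical way to check the "do not store cardholder data" step is to scan the files you do keep (application logs, exports, support tickets) for anything that looks like a card number, and to report hits in the masked form PCI DSS permits for display (first six and last four digits at most). The script below is an added example written for this page, not code from the PCI Security Standards Council or from 919 IT Solutions; the log lines, the function names (`luhn_valid`, `find_pans`, `mask_pan`, `scan_lines`) and the matching rules are this example's own assumptions.

```python
"""
Added example: find primary account numbers (PANs) accidentally written to text
files and report them masked.  The sample log lines are constructed; the two
card numbers in them are the widely published Visa and Mastercard test numbers.
"""
import re

# A run of 13 to 19 digits, optionally grouped with spaces or hyphens, not
# touching other digits on either side.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 check that every real card number satisfies.

    Walking from the rightmost (check) digit, every second digit is doubled
    and digits above 9 have 9 subtracted; the total must be divisible by 10.
    """
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list[str]:
    """Return the digit-only PAN candidates in text that pass the Luhn check.

    The Luhn filter removes most false positives such as ticket or order
    numbers that happen to be 13-19 digits long.
    """
    found = []
    for match in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group(0))
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            found.append(digits)
    return found


def mask_pan(pan: str) -> str:
    """Keep the first six and last four digits, the most PCI DSS allows to be shown."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_lines(lines: list[str]) -> list[tuple[int, str]]:
    """Return (line_number, masked_pan) for every hit; the raw PAN is never returned."""
    hits = []
    for number, line in enumerate(lines, start=1):
        for pan in find_pans(line):
            hits.append((number, mask_pan(pan)))
    return hits


# Constructed sample log.  Line 2 and line 4 leak test card numbers; line 3
# carries a 13-digit ticket number that fails the Luhn check.
SAMPLE_LOG = [
    "2024-03-01 12:00:01 order=1001 amount=42.10 status=approved",
    "2024-03-01 12:00:02 DEBUG card=4111 1111 1111 1111 exp=12/26",
    "2024-03-01 12:00:03 ticket=1234567890123 customer=jdoe",
    "2024-03-01 12:00:04 card=5555555555554444 status=declined",
]

if __name__ == "__main__":
    for line_number, masked in scan_lines(SAMPLE_LOG):
        print(f"line {line_number}: possible stored PAN {masked}")
```

Run it against copies of your POS or web-server logs rather than the live files, and treat every hit as a finding: either the application is writing card data it should never have, or a person has pasted it somewhere it does not belong. Because the scanner prints only masked values, its own output does not become another place where cardholder data is stored.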
If these tasks sound highly technical and outside your expertise, there is no need to worry. A Managed Service Provider (MSP) like 919 IT Solutions can help North Carolina merchants meet compliance standards, remediate vulnerabilities, and remotely monitor network activity. Contact us today for any of your IT consulting, assessment, or remediation needs.