Is your Data Safe? PCI Compliance
Risking your customers' credit card data could put you out of business. Criminals were inside one merchant's system for nearly 7 months, freely taking her customers' credit card information. Her acquiring bank has been holding the money coming in from her credit card transactions so it can cover any fines levied by Visa or Mastercard. Watch her story below.
What does PCI DSS stand for? You may be wondering what PCI DSS stands for. We understand that this terminology can be confusing or intimidating. We also know that the demands of running your business leave little time to research acronyms like PCI DSS.
PCI DSS stands for Payment Card Industry Data Security Standard. It was developed by the major credit card companies as a set of guidelines for organizations that process, store or transmit card payments. The program helps prevent fraud, hacking, identity theft and various other security vulnerabilities and threats.
By complying with the PCI DSS, your business will avoid fines, audits and possibly losing the ability to process credit card payments altogether. At the same time, you are communicating to your valued customers that safeguarding their credit card and personal information is a top priority.
Card Systems is proud to announce our dedication to helping our valued merchants. We set ourselves apart from our competitors by protecting your business from security breaches. As one of our valued merchants, you are automatically enrolled in the Card Systems Merchant Security Program. The purpose of this program is to provide Payment Card Industry Data Security Standard (PCI DSS) compliance solutions for all of our merchants who process credit card payments.
How do I get started? To help facilitate compliance validation, our clients have access to all of the services required for validating compliance through our PCI compliance partner. This is an online compliance portal that gives merchants access to the Self-Assessment Questionnaire and Network Vulnerability Scanning. It simplifies the compliance process for you by pre-populating answers in the Self-Assessment Questionnaire based on some preliminary questions you will answer about your business.
What are the requirements for PCI DSS?
There are twelve requirements, which fall into six categories:
1. Build and Maintain a Secure Network: Install and maintain a firewall, and use unique, high-security passwords, taking special care to replace vendor default passwords.
2. Protect Cardholder Data: Whenever possible, do not store cardholder data. If there is a business need to store it, you must protect that data. You must also encrypt any cardholder data transmitted across public networks, including transmissions involving your shopping cart and web-hosting providers.
3. Maintain a Vulnerability Management Program: Use anti-virus software and keep it up to date. Develop and maintain secure operating systems and payment applications. Ensure the applications you use are compliant with Visa's Payment Application Best Practices.
4. Implement Strong Access Control Measures: Access to cardholder data, both electronic and physical, should be granted on a "need-to-know" basis. Ensure that each person with access has a unique ID and password. Do not share logon information.
5. Regularly Monitor and Test Networks: Track and monitor all access to networks and cardholder data. Ensure you have a regular testing schedule for security systems and processes: firewalls, patches, and anti-virus.
6. Maintain an Information Security Policy: It’s critical that your organization has a resource for how data security is handled at your business. Ensure you have a policy and that it’s disseminated and updated regularly.