While Payment Card Industry (PCI) Data Security Standard (DSS) compliance has been an important consideration for merchants for many years, and reports of new breaches are constantly splashed across the headlines (think Target and Home Depot), a large number of businesses are failing to make the fulfillment of PCI DSS requirements a true priority.
If you are not already aware, PCI DSS was originally created to help protect cardholder data that is processed, stored or transmitted by merchants. Founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa, Inc., the PCI Security Standards Council requires that all merchants maintain compliance with PCI DSS.
The above-mentioned card organizations are extremely serious about data security. If your customers’ credit card data is stolen or lost, your business can be subject to considerable fines. This is in addition to the repayment of fraud and customer card reissuing costs. According to numerous reports, merchant fines resulting from a breach can easily stretch way beyond $1 million.
However, by complying with the PCI DSS standard, merchants can dramatically reduce their chance of loss and related fees that often result from a data breach. Yet, understanding what these standards actually mean to your business and what you need to do to bring your business into compliance can be daunting to today’s already overwhelmed merchants.
Believe it or not, even with PCI DSS version 3.0 replacing version 2.0 last January, a large number of business owners today continue to view PCI as just one more thing to do on their ever-growing to-do list – many admitting they don’t understand its true value.
In spite of this gray area, today’s merchants must recognize that security is vital in order for their business to thrive.
Whether you consider the regulations too costly or difficult to adhere to, you don’t know where to start, or you are simply unconcerned when it comes to PCI, it’s time to shift gears and start PCI compliance on your priority list.
The following are several key security areas all merchants should regularly address in their business practices:
- Build and maintain a secure network. Avoid using vendor-supplied defaults for system passwords. Instead, create your own unique passwords and never share them with anyone. Install and maintain a firewall configuration to protect data. Don’t forget to implement a vulnerability management program in which you regularly update antivirus software and maintain secure systems and applications.
- Implement strong access control measures. Restrict access to data and assign a unique ID to each team member with computer access.
- Practice regular monitoring/testing. Always track and monitor all access to network resources and cardholder data. Frequently test security systems and processes.
- Protect cardholder data. Ensure all receipts shorten the cardholder’s account number. Protect stored data, including customers’ sales slips and store receipts. Or, if you destroy sales receipts, be sure they are unreadable. Finally, always encrypt transmission of cardholder data across public networks.
- Develop a company-wide information security policy. Maintain a policy that addresses information security for all team members to review and understand.
The best way to make security practices routine business is to work with a dedicated PCI customer support team. This is an ideal way to ensure you have access to fully trained professionals who can help with questions and troubleshooting, as well as provide online help resources and automated tools for defining, implementing, assessing, refining and tracking payment policies and procedures.
Whether you need access to compliance updates, training tools or a better way to manage your company’s compliance overall, Billing Tree can place it all at your fingertips.