PCI Compliance involves the data security measures that prevent credit card numbers from being compromised, whether through point-of-sale systems, the disposal of paper records and old equipment, or any other route by which cardholder information could be stolen.
As cases of consumer fraud, identity theft and security breaches continue to make the news, adherence to the Payment Card Industry Data Security Standard (PCI DSS) is the accepted way to secure cardholder data. While many merchants work to meet the mandated certification and validation of their systems, the technological and financial risks of non-compliance continue to burden businesses of all sizes.
The fallout of non-compliance can have a detrimental domino effect on your business, and the financial consequences of a breach (fines, card-brand penalties, forensic investigation and remediation costs) can destroy merchants of any size. You can reduce that risk by maintaining compliance and providing the verification and certification the industry requires. By following the standardized PCI DSS procedures, you can:
- Protect your customers’ personal data
- Boost customer confidence through a higher level of data security
- Insulate your organization from financial losses and remediation costs
- Maintain customer trust, and safeguard the reputation of your brand
PCI DSS is a single framework for safeguarding cardholder data across all the major card brands, and it applies to every business environment in which cards are accepted: retail (face-to-face), mail order/telephone order, and e-commerce. Every merchant is affected, so now is the time to understand what you can do to achieve and maintain PCI compliance.
The questions below can help you analyse your compliance needs. The first three cover the most basic controls in a PCI compliant environment; when any of them is out of date, it represents the greatest opportunity for compromise.
- Is virus protection up-to-date and provided by a reputable company?
- Are the latest software revisions, such as security patches, in place for the operating system?
- Is adequate firewall protection installed and up-to-date?
- Which vendor provides your point-of-sale payment software, or was it developed internally? Does the payment application store full card numbers, magnetic-stripe track data, or PIN data after authorization?
- How many people in your organization have access to cardholder data?
- Are passwords changed regularly, and have all vendor default passwords been replaced?
- Are back-office procedures compliant? These include storing paper reports under lock and key and limiting which personnel can access them.
- Where is sensitive data stored? How many people can access it?
- Are mobile computing devices, such as laptops, PDAs, and any device with wireless access, also covered by your PCI compliance?
We cannot overemphasize how important PCI compliance is to the health of your business. If you are not in compliance, or are unsure, please contact us for a free quote and to explore upgrading your current security and support arrangements.
A PPS team member is available to address any questions or concerns you might have at (310) 234-2411.