PCI Compliance

Putting your customers' credit card data at risk could put you out of business. Criminals were inside this merchant's system for nearly seven months, freely taking customers' credit card information. Her acquiring bank held back money coming in from her credit card transactions to cover any fines by Visa or Mastercard. Watch her story below.

What does PCI DSS stand for?

We understand that this terminology may be confusing or intimidating. We also know that the demands of running your business leave little time to research acronyms like PCI DSS.

PCI DSS stands for Payment Card Industry Data Security Standard. It was developed by the major credit card companies as a guideline for organizations that process, store or transmit card payments. The program helps you guard against fraud, hacking, identity theft and other security vulnerabilities and threats. Useful payment protection tips are available on the official PCI site.

By complying with the PCI DSS, your business may avoid breaches, fines, audits and possibly losing the ability to process credit card payments altogether. At the same time, you are communicating with your valued customers that safeguarding their credit card and personal information is a top priority.

Card Systems is dedicated to helping you protect yourself and your customers. As one of our valued merchants, you are automatically enrolled in the PCI Security Program. The purpose of this program is to help you safeguard your customers' valuable data by following the Payment Card Industry Data Security Standard (PCI DSS) compliance guidelines. This program is required for all merchants that process credit card payments, and being compliant makes you more trustworthy.

How do I get started?

To help facilitate compliance validation, our clients have access to all of the services required for validating compliance through the PCI compliance partner portal. This online compliance portal gives merchants access to the Self-Assessment Questionnaire and Network Vulnerability Scanning. It simplifies the compliance process for you by pre-populating answers in the Self-Assessment Questionnaire based on some preliminary questions you will answer about your business.

What are the requirements for PCI DSS?

There are twelve requirements that fall into six categories:

1. Build and Maintain a Secure Network: Install and maintain a firewall, and use unique, high-security passwords, with special care to replace default passwords.

2. Protect Cardholder Data: Whenever possible, do not store cardholder data. If there is a business need, you must protect this data. You must also encrypt any data passed across public networks, including your shopping cart and web-hosting providers.

3. Maintain a Vulnerability Management Program: Use anti-virus software and keep it updated. Develop and maintain secure operating systems and payment applications. Ensure the applications you use are compliant.

4. Implement Strong Access Control Measures: Access – both electronic and physical access – to cardholder data should be on a “need-to-know” basis. Ensure those people with access have a unique ID and password. Do not share your login information.

5. Regularly Monitor and Test Networks: Track and monitor all access to networks and cardholder data. Ensure you have a regular testing schedule for security systems and processes: firewalls, patches, and anti-virus.

6. Maintain an Information Security Policy: It’s critical that your organization has a resource for how data security is handled at your business. Ensure you have a policy and that it’s disseminated and updated regularly.
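As an added illustration of requirement 2 (do not store cardholder data; if you must, protect it), the following Python is example code written for this page, not Card Systems' or the PCI Security Standards Council's own software. It validates a card number's check digit, masks the primary account number (PAN) for display so that at most the first six and last four digits remain, keeps only a keyed one-way hash (HMAC-SHA-256) for recognising a returning card, and refuses to persist the CVV. The HMAC key, the well-known Visa test number and the record layout are assumptions made for the demo.

```python
"""Added example: handling a primary account number (PAN) so that the raw card
number is never written to storage. Not Card Systems' code; the key, the test
PAN and the record layout are constructed for illustration."""
import hashlib
import hmac
import json
import re
from typing import Optional

# Constructed key for this demo only. In a real deployment the key lives in an
# HSM or secrets manager, never in source code or beside the data it protects.
DEMO_HMAC_KEY = b"constructed-demo-key-do-not-use"


def normalize_pan(pan: str) -> str:
    """Strip spaces and dashes so '4111 1111 1111 1111' and '4111111111111111' match."""
    digits = re.sub(r"[\s-]", "", pan)
    if not digits.isdigit() or not 13 <= len(digits) <= 19:
        raise ValueError("PAN must be 13 to 19 digits")
    return digits


def luhn_valid(pan: str) -> bool:
    """Luhn check digit: catches mistyped numbers before they reach any store."""
    total = 0
    for i, d in enumerate(int(c) for c in reversed(normalize_pan(pan))):
        if i % 2 == 1:            # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Display form: at most the first six and last four digits stay visible
    (the long-standing PCI DSS masking limit); everything between is replaced."""
    digits = normalize_pan(pan)
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def pan_reference(pan: str, key: bytes = DEMO_HMAC_KEY) -> str:
    """Keyed one-way hash (HMAC-SHA-256) that lets you recognise a returning
    card without holding the PAN. An unkeyed hash would be brute-forceable
    because the space of valid PANs is small and the last four digits are
    usually shown on receipts."""
    return hmac.new(key, normalize_pan(pan).encode(), hashlib.sha256).hexdigest()


def build_stored_record(pan: str, expiry: str, cvv: Optional[str] = None) -> dict:
    """Builds the only fields allowed to persist after authorization: masked PAN
    and HMAC reference. The CVV is sensitive authentication data and must not be
    stored, so passing one is refused outright rather than silently dropped."""
    if cvv is not None:
        raise ValueError("CVV must never be stored after authorization")
    if not luhn_valid(pan):
        raise ValueError("PAN fails Luhn check")
    return {
        "pan_masked": mask_pan(pan),
        "pan_ref": pan_reference(pan),
        "expiry": expiry,
    }


def record_leaks_pan(record: dict, pan: str) -> bool:
    """Sanity check a reviewer can run: does the serialized record contain the raw PAN?"""
    return normalize_pan(pan) in json.dumps(record)


if __name__ == "__main__":
    TEST_PAN = "4111 1111 1111 1111"   # well-known Visa test number, not a real card
    rec = build_stored_record(TEST_PAN, "12/29")
    print(rec)
    print("leaks raw PAN:", record_leaks_pan(rec, TEST_PAN))
```

The masked value is what belongs on receipts and in the merchant's back office; the HMAC reference is what a loyalty or fraud-screening lookup can key on. Neither lets anyone who reads the database recover the card number, which is the property requirement 2 asks for when data must be kept at all.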

Link to PCI DSS Quick Reference Guide