It’s important for you to be informed about PCI Compliance: Here’s what you need to know.
A common misconception by many businesses is that they simply don’t need to worry about PCI compliance. This couldn’t be further from the truth. If you accept credit cards, you are required to be PCI compliant. If you are not, your business can face steep fines.
You are solely responsible for securing your customer cardholder data to meet Payment Card Industry rules.
Small businesses are prime targets for data thieves. In fact, they are some of the biggest targets because they are the easiest targets. It’s your job to protect cardholder data at the point-of-sale. If cardholder data is stolen (and it’s your fault) you could incur fines, penalties, even termination of the right to accept payment cards, which could have major consequences for your business.
Why does PCI Compliance matter for your business?
According to the PCI Security Standards website, more than 340 million computer records containing sensitive personal information have been involved in security breaches in the U.S. since 2005. Criminals target independent merchants because most have minimal security for cardholder data. More than 80% of attacks target independent merchants.
If you are at fault for a cardholder data security breach, your business can face:
- Fines and penalties
- Loss of the ability to accept payment cards
- Cost of reissuing new payment cards
- Legal costs
- Fraud losses
What Should You Secure?
Focus first on protecting the cardholder data under your control. You are responsible for protecting cardholder data at the point of sale, and as it flows into your credit card payment system. The single best step you can take is to not store any cardholder data outside of a secure payment gateway.
PCI Compliance Protection needs to include the following:
- Card readers
- Point of sale systems
- Store networks & wireless access points
- Payment card data storage and transmission
- Payment card data stored in paper-based records
How to Meet the PCI Security standards
The PCI Security Standards website is an invaluable resource for businesses working to be PCI compliant. Their suggestions include:
- Use only approved PIN entry devices at your point-of-sale
- Use only validated payment software at your POS or website shopping cart
- Ensure your CDE (Cardholder Data Environment) is segmented from the rest of your network
- Do not store any sensitive cardholder data on computers or on paper
- Use a firewall on your network and PCs
- Make sure your wireless access points are password protected and use encryption
- Use strong passwords
- Regularly check PIN entry devices and PCs to make sure no one has installed rogue software or “skimming” devices
- Teach your employees about security and protecting cardholder data
The bottom line is that PCI compliance does matter no matter what the size of your business. We understand that it can seem cumbersome, but that’s no reason to put it off or ignore it. The livelihood of your business may be at stake if you suffer a data breach.
CPJ Solutions works with businesses like yours to help alleviate the burden of meeting the PCI compliance standards. To request more information you can reach us at 866-640-8282 or by completing this form.