If credit and debit cards are important to your business, you need to understand three things:
- What PCI compliance is
- What non-compliance could cost your business
- How to be sure that your business stays compliant
This paper will provide a brief overview of these three topics and provide a plan to move forward.
PCI Compliance Defined
The Payment Card Industry (PCI) Security Standards Council was formed in 2006 by American Express, Discover, JCB International, MasterCard, and Visa. It developed and maintains a set of standards, the PCI Data Security Standard (PCI DSS), for securing credit card data; these standards apply to every business that accepts credit and debit cards.
The PCI DSS is a comprehensive set of requirements for enhancing the security of payment card account data. The standards address your point-of-sale (POS) systems, accounting systems, credit card processing equipment, network equipment, security practices, and policies. Each business is required to maintain compliance across all of these areas. Compliance is enforced by each of the credit card companies.
Costs of Non-Compliance
Buried in your credit card processing agreement are your compliance responsibilities when you accept credit card payments. Hard costs of non-compliance with PCI DSS include fines that start at $5,000 and losing the ability to accept credit and debit cards. If there is a breach and you are found non-compliant, the hard costs expand to include legal fees, customer losses, and customer risk mitigation costs. Soft costs include loss of customer confidence and the time and resources diverted to deal with mitigation. In short, non-compliance is a non-starter.
Getting Compliant, Staying Compliant
Compliance addresses these key areas:
- Business applications that use and/or store credit card information. Examples include applications such as QuickBooks and point-of-sale (POS) systems.
- Cash registers and terminals.
- Your network, including routers, firewalls, and Wi-Fi.
- Computers and servers on your network.
- Anti-virus and other security software.
- Policies for user access control, user and device passwords, and updates.
Compliance checklists are an easy place to start your review. Use a checklist to get a sense of your current compliance and to identify areas that need to be addressed. Put in place processes to ensure that user access, passwords, software, and hardware are reviewed and updated on a regular basis. Download or request a compliance checklist from our website, and ask for help if you have questions or concerns.
“An ounce of prevention is better than a pound of cure.” – Benjamin Franklin
Connected HHI – Reliable and Secure Networks for Business
Based on Hilton Head Island, Connected HHI is a technology services company specializing in secure and reliable networks for small- to medium-sized businesses. We focus on two areas that are critical to most businesses today – keeping internet connections up and protecting businesses from digital threats. We are the experts for our customers, and it is our job to stay on top of the ever-evolving worlds of networks and network security. We partner with a select group of technology vendors so that we can maintain hands-on experience with everything we install, along with the partner relationships that ensure great support for our customers. Call us to discuss your business needs.