PCI Compliance – A Primer

If credit and debit cards are important to your business, you need to understand three things:

  • What is PCI Compliance
  • What is your potential cost for Non-Compliance
  • How to be sure that your business stays compliant

This paper gives a brief overview of these three topics and a plan to move forward.

PCI Compliance Defined

The Payment Card Industry (PCI) Security Standards Council was formed in 2006 by American Express, Discover, JCB International, MasterCard, and Visa.  They developed and maintain a set of standards (PCI DSS) for securing credit card data that is imposed on every business that accepts credit and debit cards.

The PCI DSS is a set of comprehensive requirements for enhancing security of payment card account data.  The standards address your point-of-sale (POS) systems, accounting systems, credit card processing equipment, network equipment, security practices, and policies.  Each business is required to maintain compliance across all these areas.  Compliance is enforced by each of the credit card companies.

Costs of Non-Compliance

Buried in your credit card processing agreement are your compliance responsibilities when you accept credit card payments.  Hard costs of non-compliance with PCI DSS include fines that start at $5,000 and losing the ability to accept credit and debit cards.  If there is a breach and you are found non-compliant, the hard costs expand to include legal fees, customer losses, and customer risk mitigation costs.  Soft costs include loss of customer confidence and the time and resources diverted to deal with mitigation.  In short, non-compliance is a non-starter.

Getting Compliant, Staying Compliant

Compliance addresses these key areas:

  • Business applications that use and/or store credit card information. Examples include applications such as QuickBooks and Point-of-Sale (POS) systems.
  • Cash registers and terminals.
  • Your network, including routers, firewalls, and Wi-Fi.
  • Computers and servers on your network.
  • Anti-virus and other security software.
  • Policies for user access control, user and device passwords, and updates.

Compliance checklists are an easy place to start your review.  Use a checklist to get a sense of your current compliance and to identify areas that need to be addressed.  Put in place processes to ensure that user access, passwords, software, and hardware are updated on a regular basis.  Download or request a compliance checklist from our website and ask for help if you have questions or concerns.

 “An ounce of prevention is better than a pound of cure.” – Benjamin Franklin

Connected HHI – Reliable and Secure Networks for Business

Based on Hilton Head Island, Connected HHI is a technology services company specializing in secure and reliable networks for small to medium sized businesses.  We focus on two areas that are critical to most businesses today – keeping the internet connections up and protecting businesses from digital threats.  We are the experts for our customers and it is our job to stay on top of the ever-evolving worlds of networks and network security.  We partner with a select group of technology vendors so that we can maintain hands-on experience with everything that we install and the partner relationships that ensure great support for our customers.  Call us to discuss your business needs.

Connected HHI

www.connectedhhi.com

843-715-9894
