Regardless of the type of business establishment you operate, if you currently accept credit cards as a form of payment, then there’s no doubt you’ve heard the term “PCI Compliance”. But, what does it mean and why is it necessary? The answer is simple; consumer confidence & security.
Consumers have an expectation that when they hand their card to a cashier for payment or input their information online to make a payment, that information is being handled securely. But, is it? The answer may be “no”, and that is why PCI Compliance has become something many processors, dealers and merchants have been tasked with correcting.
If your business intends to or currently stores, processes or, transmits any cardholder data, there are many things that need to be done in order to be PCI Compliant. Because the dynamics of each company is different, the requirements aren’t all the same. Below is a list of many items that are expected, regardless of your business:
- Have and Maintain a Secure Network
- Have a firewall in place and properly configured to protect data
- For anyone having access to data, ensure they have their own unique ID not to be shared or used by anyone else.
- Use unique passwords and update them frequently
- Restrict physical or electronic access to data to only those persons authorized to handle it.
- Do regular reviews and tests of processes in place or systems to ensure they’re still meeting requirements.
- Protect Cardholder Data
- Ensure your anti-virus software is kept up to date
- When using public networks, use encryption to transmit data
- Systems and Applications used to hold/transmit data should be kept updated
- Create & Maintain an Information Security
Policy
- All staff & employees should review & understand policies and procedures laid out in the Policy.
- Ensure everyone is kept updated on all changes to requirements or actions regarding the handling of Cardholder Data
- Access Control
- Keep track of access granted to cardholder data or other resources
We highly suggest you contact your credit card dealer or merchant processing company for further assistance on your specific needs and what their process is to verify you have met those needs. At a minimum, compliance is expected to be updated annually and, in many cases, additional review or system scans may be required between those annual updates.
Your processor may also impose a fee or penalty for the period in which you are not compliant. This amount could vary and typically remains until you’ve completed and passed your Compliance Questionnaire & Assessment. In addition to this, if you are in a status of Non-Compliance and you do experience a breach of information, there can be federally imposed penalties as a result.