How to Ensure Your Operations are PCI Compliant

Credit cards, debit cards, and other forms of electronic payment are convenient ways for customers to make purchases without having to use cash. As we know, these forms of payment also create vulnerabilities for both the business and customer. Earlier, we discussed 5 Ways to Improve Network Security . Today, we will touch on the regulations in place and general best practices for businesses that accept these forms of payment.

The Payment Card Industry Security Standards Council (PCI SSC) determines the Payment Card Industry Data Security Standard (PCI DSS), which is a set of requirements created to ensure that all companies that process, store, or transmit credit card information maintain a secure environment. While the PCI SSC is not a government-run agency and failure to comply with their regulations is not punishable by law, failure to comply with established regulations can be catastrophic for a business. Businesses that refuse to comply with PCI standards can receive fines ranging from $5,000 to $100,000 per month, increased transaction fees, costly forensic audits and potentially fatal brand-damage.

The first thing that you need to do to make sure that your company’s operations are PCI compliant is find out which merchant tier you belong to, which represents the amount of payment card transactions done by your business. A typical small-to-medium sized business falls into Tier 4: a merchant processing fewer than 20,000 Visa e-commerce transactions per year, and all other merchants (regardless of acceptance channel) processing up to 1,000,000 Visa transactions per year. In order to satisfy PCI requirements, these merchants should consult the following chart to determine which Self Assessment Questionnaire (SAQ) to take in order to demonstrate compliance. Take our website, Rackfinity.com, for example. Say you navigate to our site and click on Kendall Howard section in the sidebar in the BRANDS category. Selecting any of their fine products by clicking “ADD TO CART”, you then have the option to proceed to checkout, where all of your payment information is entered on our website. Companies that share this type of payment process will have to fill out the D-Merchant SAQ. Next, your company must complete and obtain evidence of passing a vulnerability scan with a PCI SSC approved scanning vendor, such as ControlScan, and complete the relevant Attestation of Compliance. Finally, submit the relevant SAQ, evidence of a passing scan, the Attestation of Compliance, and any other specifically required information to your acquirer (the bank or other entity that processes the transactions). A vulnerability scan should be ran once per quarter. While it may seem to be quite a bit of work to achieve PCI compliance, it is well worth it. Companies that do not comply and have a security breach often do not recover.

Hopefully, you heed this warning and take the steps to achieve PCI compliance. In case your business ever falls victim to a security breach, here are a few useful links:

ETA’s Risk, Fraud & Security Committee and Arnall Golden Gregory LLP, Data Breach Response: A Nine-Step Guide for Smaller Merchants : http://www.electran.org/wp-content/uploads/ETA_DataBreach_contact_2.pdf

Visa’s What to Do If Compromised, Visa Inc. Fraud Investigation Procedures : http://usa.visa.com/download/merchants/cisp-what-to-do-if-compromised.pdf

The Kendall Howard 8U PCI Compliant Security USA Made Wall Mount Cabinet is a professional looking solution for securing your networking equipment and other devices.

Use coupon NICERACK for 10% Off today.