As cases of consumer fraud, identity theft and security breaches continue to make the news, adherence to the Payment Card Industry Data Security Standard (PCI DSS) is progressing toward ensuring the security of cardholder data. And, while many merchants work to meet the mandated certification and validation of their systems, the technological and financial risks of non-compliance continue to burden businesses of all sizes.
The fallout of non-compliance has a domino effect on your business, as the financial implications of a breach can destroy merchants of any size. You can mitigate risk by maintaining compliance and providing verification and certification as required by the industry. By following the standardised PCI DSS procedures, you can:
- Protect your customers’ personal data
- Boost customer confidence through a higher level of data security
- Insulate your organisation from financial losses and remediation costs
- Maintain customer trust, and safeguard the reputation of your brand
Own PCI compliance
A framework for safeguarding sensitive data for all credit card brands, PCI DSS applies to all acceptance environments, including retail (face-to-face), mail- or telephone-order, and e-commerce. Businesses of all types and sizes are affected, so now is the time to understand what you can do to achieve PCI compliance.
The questions below can help you analyse your compliance needs. The first three questions cover essential components of a PCI-compliant environment; when these are not kept up to date, they present the greatest opportunity for compromise.
- Is virus protection up-to-date and provided by a reputable company?
- Are the latest software revisions, such as security patches, in place for the operating system?
- Is adequate firewall protection installed and up-to-date?
- Which vendor provides your point-of-sale payment software? Was the software created internally? Does the payment application store card numbers, magnetic-stripe track data, or PIN data?
- How many people in your organisation have access to cardholder data?
- Are passwords changed frequently, and do they differ from default passwords?
- Are back-office procedures compliant? For example, are paper reports stored under lock and key, and is personnel access limited?
- Where is sensitive data stored? How many people can access it?
- Are mobile computing devices, such as laptops, PDAs, and devices with wireless access, also PCI compliant?
Start your TransAcc experience today. Click on the button below to open a communication channel with our team.