Theft of credit card and other financial information has increased over the years, with attackers becoming more technically capable while business owners become less and less prepared. That is why the PCI DSS was developed as a global standard for securing networks, applications, and customer and business information. Companies that are PCI compliant have prevented millions of dollars of damage.
What is PCI Compliance?
It is a set of security rules and guidelines put together by the major card brands, including American Express, Discover, MasterCard, and Visa, to keep credit card and financial information from getting into the wrong hands. These rules, called the Payment Card Industry Data Security Standard, apply to businesses of any size whose transactions involve handling credit card payments and card data.
A business that is not PCI compliant may incur heavy fines, ranging from a few thousand to millions of dollars. That is bad news for small businesses, since such fines can shut them down entirely.
How to become PCI Compliant
There are two types of business transactions that require PCI certification. The first is a business that uses standalone terminals to process card payments. The second is a business that processes payments using software and computers. The two have different requirements.
Businesses that use standalone terminals are required to create a unique user ID for each employee so that access can be tracked. They should also use strong passwords on all computers, and any device that stores customer payment or credit card information must be secured.
Transactions must be encrypted; the terminals and software supplied by the provider usually include encryption. Access to card data must be restricted, and it should not be discussed with anyone who does not need to know it. Policies and procedures must be documented and signed by every employee who handles card information.
Businesses that use software and computers, including e-commerce or online businesses, must adhere to these additional requirements:
- Computers used in transactions must have firewalls enabled.
- All devices used in business transactions must have up-to-date anti-virus software.
- Use a PCI Certified Scanner to scan all systems involved in transactions, at least once every quarter. Trust Guard currently scans for 75,575 vulnerabilities that hackers have used (or could use) to gain illegal access to websites and servers. The scan informs business owners of potential threats so that they can fix them before an attacker reaches their pages.
When all these requirements are met, a PCI Self-Assessment Questionnaire (also available through Trust Guard) must be completed and submitted to the payment processor before a business is declared PCI compliant.
Article written by Jonna Lindawan
Jonna is a startup VA business owner who loves helping her clients grow their businesses through her skills in writing, customer service, research, data entry, transcription, social media management, and admin support. Visit her website here.