Protecting your business from fraud and keeping your customer data secure is always a priority. The Payment Card Industry Data Security Standard (PCI DSS or PCI) is governed by Visa, MasterCard, American Express, and Discover to protect their cardholders’ account information. These card providers work together to recommend the best practices to protect merchants and their customers.
Merchants who are vigilant about PCI compliance can rest a little easier about security. They also avoid possible fees and fines. According to PCICompliance.org, these penalties are not widely publicized, but can be “catastrophic to small business.” [1]
Integrity is dedicated to helping our merchants keep their customer data secure and their business PCI compliant. We understand that PCI compliance is a technical, sometimes time-consuming requirement, so we invite and encourage our merchants to get started with our Easy PCI Program, powered by Trustwave.
Here are a few things to keep in mind as you review your PCI compliance.
PCI Compliance: Annual Compliance Validation
Did you know PCI compliance requires merchants to submit an annual review of their security measures? It is time to take a few moments to check how your business is securing credit card and customer data. All merchants accepting payment by credit card are required to become PCI compliant, including this once-a-year review.
Even if you are already part of the Easy PCI Program, all merchants must re-validate their paperwork every calendar year. You will need your Merchant ID.
PCI Security Standards Council Updates for e-Commerce
As the payment landscape evolves, card issuers keep a close eye on new security risks. For example, as e-commerce grows and adoption of mobile devices for shopping increases, best practices require merchants to secure all avenues of credit card payment acceptance. The PCI Security Standards Council has just issued an update for merchants regarding e-commerce that clearly indicates their desire to keep merchants informed and safe.
Depending upon how merchants process payments online, there may be additional security risks to address. The PCI Security Standards Council may require supplemental information to confirm your business is PCI compliant.
Integrity is here to help meet these additional PCI DSS validation requirements through our Easy PCI program. We will also make sure you get the information you need to stay up-to-date in an evolving payments landscape.
The PCI Requirements All Merchants Must Follow
The PCI Security Council reminds merchants that compliance is an ongoing process of assessment, remediation, and reporting issues and repairs. [2] As you review your PCI measures, be mindful of these 12 basic requirements that you must follow to earn PCI Compliance.
- Installing and maintaining a firewall to protect cardholder data
- Changing passwords and security parameters from vendor default settings
- Protecting stored credit card data
- Encrypting credit card data when transmitted across networks
- Protecting against malware and keeping anti-virus protections up-to-date
- Maintaining secure systems and applications
- Restricting access to cardholder data to those who need to know
- Identifying and authenticating access to systems components
- Restricting physical access to cardholder data
- Tracking and monitoring all access to network resources and cardholder data
- Testing security systems and processes on a regular basis
- Maintaining a policy that addresses credit card data security for all employees
Integrity is here to keep your business and data safe. Our Easy PCI Program is designed to help busy merchants follow the best practices and stay PCI compliant. Learn more today!
[1] PCI FAQs, Q15: What Are the Penalties for Non-compliance? https://www.pcicomplianceguide.org/pci-faqs-2/
[2] PCI Security Standards Council. Getting Started with PCI Data Security Standard. https://www.pcisecuritystandards.org/pdfs/pcissc_getting_started_with_pcidss.pdf