How are you handling data security for your small business? You have probably heard about PCI compliance, but is your business protected by following this important set of best practices?
The Payment Card Industry Data Security Standard, “PCI-DSS” or just “PCI”, is a requirement for any business that accepts payment cards, including credit, debit, and prepaid cards. If you accept cards in-store, online, or over the phone, you are required to follow the PCI standard.
The PCI standard for credit card data security is governed by Visa, MasterCard, American Express, and Discover to protect their cardholders’ account information. These companies work together to provide the best practices for securing credit card data. It is in every merchant’s best interest to become and remain PCI compliant – to protect your business, your customers’ data, and your electronic transactions.
We understand that this level of data security can be complex and technical. Integrity’s Easy PCI Program powered by Trustwave can help.
PCI Compliance Requirements
There are 12 PCI requirements [1] that you must follow to earn PCI compliance. These include:
- Installing and maintaining a firewall to protect cardholder data
- Changing passwords and security parameters from vendor default settings
- Protecting stored credit card data
- Encrypting credit card data when transmitted across networks
- Protecting against malware and keeping anti-virus protections up-to-date
- Maintaining secure systems and applications
- Restricting access to cardholder data to those with a business need to know
- Identifying and authenticating access to system components
- Restricting physical access to cardholder data
- Tracking and monitoring all access to network resources and cardholder data
- Testing security systems and processes on a regular basis
- Maintaining a policy that addresses credit card data security for all employees
Following these requirements will provide a data security foundation for your business. These requirements address the vulnerable areas of credit card data security. Notice that several address technological solutions like firewalls, encryption, and malware protection, but other requirements involve restricting physical access to cardholder data and monitoring who has access to the information.
PCI Compliance Doesn’t Include EMV, Employee Training, or Website Security: Measures You Still Need
There are other protections you might have in place to secure your cardholder data, but you must follow the 12 requirements listed above to have true PCI compliance. Just because your website has an SSL Certificate does not make you PCI compliant. Using EMV terminals is not enough to be PCI compliant. Training employees on how to handle credit cards does not make you PCI compliant.
Furthermore, setting up PCI compliance and then never testing it again does not make you PCI compliant. You are required to regularly test your systems to make sure you are current with any changes or updates that may be required.
Integrity’s Easy PCI Program
Integrity has partnered with Trustwave to provide merchants with the Easy PCI Program. This three-step program will check to see if your business is PCI compliant and what additional measures your business might need to address.
The Easy PCI Wizard will walk you through the process and create a to-do list of actions your business needs to take. This makes tracking the process simple. We will also take a look at your website to see if improvements are required. As part of the Easy PCI Program, your business will have access to the TrustKeeper Agent if you need to store and monitor sensitive data.
Furthermore, Integrity’s Easy PCI Program has a Security Policy Advisor that will help design a security policy that builds data security for your small business. You and your employees can take easy online Security Awareness Education courses to stay up to speed with credit card data security.
Security Beyond PCI Compliance
All merchants are required to be PCI Compliant, but there are many additional steps you can take to keep your customers’ data safe. Taking day-to-day actions to follow through on your security policy, training and monitoring your employees, and keeping an eye out for credit card security news are all smart moves. Having the latest equipment, including new technology like EMV card readers, goes above and beyond PCI compliance to keep your business and customers safe.
Integrity’s Easy PCI Program is designed to make PCI compliance easy for busy merchants. We know your customers’ credit card data security is important to you, so let us help you get the best practices in place. Learn More Today!
- [1] PCI Security Standards Council. (2016, April). Payment Card Industry (PCI) Data Security Standard: Requirements and Security Assessment Procedures, Version 3.2, p. 5.