How Do I Get My Online Business PCI Compliant?

Becoming PCI compliant can increase your customers’ trust in your brand and encourage more online purchases. However, achieving PCI compliance can be a confusing process. This article covers the basics of getting your online business PCI compliant.

Typically, you will have received a welcome message when you first signed up for your merchant account, and it will have included a technical support phone number. For most merchants, all you have to do is call that number and answer a few security questions, and your payment processor will take care of the rest. But if you didn’t sign up with Charge.com, and your payment processor will not provide this service for you, then this article is for you.

There are six factors to keep in mind here:

  • Limited data retention
  • Protected networks
  • Secure applications
  • Monitored and controlled access
  • Protected data storage
  • No shortcuts

To start, minimize the damage a breach can do. Adopt a limited data retention policy that reduces the amount of cardholder data stored on your servers: keep only what the business needs, purge it on a schedule, and never store sensitive authentication data (the CVV/CVC code, full magnetic-stripe or chip data, PINs) after authorization, even in encrypted form. Then protect your networks: a firewall between the internet and any system that handles card data, segmentation that keeps that system separate from the rest of your network, strong cryptography (TLS) for card data sent over public networks, and regular vulnerability scans, including the quarterly external scans by a PCI-approved scanning vendor that the standard requires. These measures reduce your exposure; none of them by itself guarantees that a network is secure.

Next, secure your systems at the software level. Install vendor security patches for the operating system, web server and e-commerce application promptly (PCI DSS expects critical patches to be applied within a month of release), run anti-malware software on every system that is commonly affected by malware, and keep drivers and applications up to date. If you write your own checkout code, that code has to be developed securely as well: validate input, protect against injection and cross-site scripting, and review changes before they reach production.

Access control is next. A good rule of thumb is to deny access by default and grant it only to the users whose job requires it, each with a unique ID rather than a shared account. Keep an audit trail of every access to cardholder data and every administrative action, because PCI DSS requires these logs to be retained (at least a year, with the most recent three months immediately available), and your acquirer or assessor may ask for them to verify your compliance. You should also deploy change-detection tooling (file-integrity monitoring) that alerts on unauthorized modifications to critical system, content or configuration files, and actually review those alerts.

The final step is to make sure that whatever cardholder data you do store is as inaccessible as possible. Masking and encryption are different controls: masking limits what is displayed (at most the first six and last four digits of the primary account number), while rendering the PAN unreadable in storage means a strong one-way hash, truncation, tokenization, or strong encryption backed by a documented key-management process. Protect the encryption keys at least as carefully as the data: store them separately from what they encrypt, restrict who can access them, rotate them at the end of their cryptoperiod, and keep secure backups so that a lost key does not become a lost dataset.
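To make the distinction between masking for display and rendering the PAN unreadable in storage concrete, here is an added Python example (written for this article, not Charge.com code). It validates a PAN with the Luhn check, produces the masked display form, derives a keyed one-way hash that lets you recognise a repeat card without storing the number, strips the fields that must never be stored after authorization, and redacts card numbers from log lines so the audit trail does not itself become cardholder data. The HMAC key is a hard-coded demo value only so the block is self-contained; in production it would come from your key-management system, and the test card number is a constructed example.

```python
import hashlib
import hmac
import re

# Demo key only (assumption for this example); a real key lives in a KMS/HSM.
DEMO_HMAC_KEY = b"replace-me-with-a-key-from-your-kms"

# Fields PCI DSS forbids storing after authorization, even encrypted.
SENSITIVE_AUTH_DATA = {"cvv", "cvv2", "cvc", "track1", "track2", "pin", "pin_block"}


def luhn_valid(pan):
    """Luhn checksum: catches typos, not fraud."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan):
    """Display form: at most first six and last four digits visible."""
    if len(pan) < 13:
        raise ValueError("PAN too short")
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def pan_token(pan, key=DEMO_HMAC_KEY):
    """Keyed one-way hash: stable lookup value that cannot be reversed to the PAN."""
    return hmac.new(key, pan.encode(), hashlib.sha256).hexdigest()


def sanitize_for_storage(record):
    """Turn a freshly captured transaction into the record you are allowed to keep."""
    pan = re.sub(r"[\s-]", "", record["pan"])
    if not pan.isdigit() or not luhn_valid(pan):
        raise ValueError("invalid PAN")
    kept = {
        k: v for k, v in record.items()
        if k.lower() not in SENSITIVE_AUTH_DATA and k != "pan"
    }
    kept["pan_masked"] = mask_pan(pan)
    kept["pan_token"] = pan_token(pan)
    return kept


# 13-19 digit runs, optionally separated by spaces or dashes.
_PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def redact_log_line(line):
    """Replace anything that looks like a Luhn-valid PAN with its masked form."""
    def _mask(m):
        digits = re.sub(r"[ -]", "", m.group(0))
        return mask_pan(digits) if luhn_valid(digits) else m.group(0)
    return _PAN_RE.sub(_mask, line)


if __name__ == "__main__":
    # Constructed sample: a known test card number, not real cardholder data.
    captured = {"order": "A-1001", "pan": "4111 1111 1111 1111", "cvv": "123", "exp": "12/30"}
    print(sanitize_for_storage(captured))
    print(redact_log_line("2024-01-01 checkout pan=4111111111111111 order=A-1001"))
```

The stored record keeps the order reference, expiry, masked PAN and token, which is enough for refunds and duplicate detection, and nothing that would let an attacker replay the card. The redaction helper is the piece most shops forget: debug logs and exception traces are where full PANs usually end up.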

Attackers keep improving their tools and methods because the financial incentive is there: even a small breach of card data can be worth tens of thousands of dollars to them. This is why it is important to follow all of the requirements of the PCI DSS rather than look for shortcuts. An attacker will probe for weaknesses in every one of the areas above, and if one of them is left uncovered, the rest may not save you from exposing sensitive customer data.

The stakes for a company are significant, because the consequences of a data breach range from negative publicity and card-brand fines to litigation. It is far cheaper to put these controls in place up front than to recover afterwards, and doing so protects both your company and your customers from considerable financial loss. For more information on how to achieve PCI compliance for your business, or to open a merchant account, please go to Charge.com.
