The Payment Card Industry (PCI) Council is a regulatory body that recommends security measures for card transactions. Compliance is not a legal requirement, but many card networks rely on it. Visa refuses to transact with anyone that isn’t PCI compliant, and since it’s the most popular card network, that doesn’t leave most merchants much choice. The PCI DSS (Data Security Standard) has twelve key requirements grouped into six categories. They’re designed to protect you and your customers from fraud and loss. Let’s see how each category works.
- Build secure networks
For example, security devices and software ship with default PINs and passwords. Be sure to change them: defaults are easy to guess and widely published, so they leave you open to virtual break-ins. You also need a properly configured firewall. It blocks unwanted inbound connections and helps keep out malware delivered through phishing scams and Trojan downloads.
- Protect cardholder data
Wherever you store cardholder data should be as safe as a bank vault, both physically and digitally. Having customer card data stolen from your custody would be disastrous, so watch out. Also, when card details are being typed into your website or phoned in by customers, keep everything encrypted in transit. That way the data stays unintelligible if it is intercepted.
- Manage vulnerabilities
Unfortunately, we often don’t know that we’re vulnerable until something goes wrong. This means we have to actively search for weak spots in our credit card security armor. Install anti-virus software, build security features into your own applications, and update software regularly. Stay informed about security scares in your market segment and implement protective measures. Be deliberate and proactive in your approach.
- Control access
There are digital files that contain customer details, and if these are stolen, your customers are exposed to identity theft and fraud. There are also physical cards that can be swiped without a customer’s permission. While it’s important to protect this information from intruders, it’s also essential to protect it from employee theft. The number of people who touch customers’ cards or review their personal information should be restricted as much as possible. Anyone who logs into the system or physically swipes customer cards should have an individual ID, so that every action can be traced to one person.
- Test and monitor
Even the best systems need to be reviewed. There may be new threats and technology, or undiscovered weaknesses in the system. Monitoring closely will help you spot errors sooner, and regular testing ensures everything stays in working order. Check every part of your security protocol, knowing that changes or upgrades in one area can inadvertently expose another.
- Maintain written policies
At a personal level, writing things down helps us remember. At the corporate level, written policies offer proof of commitment, as well as legal protection. They also provide instructions for dealing with serious issues, on both the business and customer side. Create a formal policy document and update it regularly, applying the latest security measures in your sector. Ensure your whole team is familiar with these policies, fully understands them, and follows them.
For more information on how PCI requirements protect your business and your customers, or to sign up for a merchant account, please call (888) 924-2743 or go to Charge.com.