Depending on where Google has led you in your searches on this topic, you might be looking at 6 principles of PCI, or 12 recommendations for PCI. They refer to the same thing – and it’s actually six concepts sub-divided into twelve action points. These requirements were designated by the Payment Card Industry Council, and are known as PCI Data Security Standards. They’re not universally enforced, but they’re generally accepted, and Visa includes them as a must-have before they agree to do business with you.
Accordingly, it’s important to know the basics, so here are the five most important aspects of PCI compliance.
Your customers’ details should be encrypted from end-to-end, from the moment they type them in remaining encrypted until they reach their destination.
Every device and virtual account comes with a default password, and many of us use obvious passwords. Studies suggest popular passwords include ‘password’ and ‘12345678’. PCI compliance requires the use and regular changing of strong, non-intuitive passwords. Each employee that accesses keypads, payment apps, or customer data has to have their own individual User ID, log-in, and password, for accountability.
- Data protection
Payment gateways are required to guard your data, both at the physical and digital level. They have to build secure systems with tough firewalls. They also have to limit the staffers that physically handle customers’ cards. (Ideally, if they use mobile apps and NFC technology, staff don’t have to touch customer cards at all.) Any stored data can only be accessed on need-to-know basis, and very few people need to know those customer details.
- Written security policies
Ensure your payment gateway has written security policies, and also that your employees are familiar with those policies, and adhere to them.
- Evaluation and testing
As good as any system is, there hackers constantly trying to break in, so it’s crucial to test security protocols and monitor them consistently for suspicious behavior. Keep a strict eye on access to customer data in all its forms, from complaints to purchasing preferences.
For more information on the most important things to know about PCI compliance, or to sign up for a merchant account, please call (888) 924-2743 or go to Charge.com.