You probably want your business to be successful and attract all possible customers, and so you accept credit card payments. That is now the preferred payment method for buying goods and services, and it continues to expand. Customers use credit cards as payment at unattended vendors such as car washes, vending machines and tollways. Otherwise, if they need a quarter for the Aldi cart, they have to scour the floor of their car.
Through it all, they expect your business to protect the personal data associated with that credit card. Businesses have the responsibility to make sure that their customers’ data is never breached. To support that responsibility, the Payment Card Industry Data Security Standard (PCI DSS) was instituted by the Payment Card Industry Security Standards Council. The Council set forth 12 security control requirements that businesses and organizations are required to implement if they take credit cards as payment. Failure to do so may result in the loss of credit card processing privileges and significant fines. Assurance that your company is in compliance gains your customers’ trust, and that trust can be essential to your business’s success.
Make sure you let your customers know that your business is PCI compliant and what that means for the safety of their data and their freedom to use their credit cards safely. Review PCI guidelines frequently for changes and updates.
Twelve steps for PCI compliance
First, you must have a firewall configuration installed and maintained to block access to cardholder data. Immediately after installing software from the vendor, change the default password to your own unique password. Change it frequently. If you store cardholder data, secure it in encrypted files online or in the cloud. Paper files must have the CVV blacked out before being filed in a locked filing system. Always encrypt cardholder data when transmitting it over public networks. Develop and maintain your user systems and applications, and regularly update antivirus software. Access to customer data should be limited to only those office personnel who need to know. Make sure each person has their own unique ID for computer access. Monitor and track all cardholder data access. Develop and make available your company’s policy regarding information security. Finally, run frequent tests on all your security systems to make sure they’re working effectively.
Implement and maintain trustworthy PCI compliance
No matter the size of your business, these 12 PCI steps are required by the Payment Card Industry Security Standards Council. Even if you’re operating an online store out of your home, you must abide by these directives. If you only accept a few credit card payments once a week when you sell tomatoes at your local farmers market, you still must be compliant.
For more information about how to secure your customers’ trust, or to sign up for a merchant account, please call (888) 924-2743 or go to Charge.com.