Five Steps Every Business Should Take To Maintain PCI Compliance
- Author: Jamie Walker
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security requirements that every business that stores, processes or transmits payment card data must meet. It is not a law; it is enforced contractually by the card brands through acquiring banks and payment processors, and its purpose is to keep cardholder data safe.
Just about every day we see a news story about a data breach at a Fortune 500 company. Breaches at big businesses make splashy headlines, but small businesses are just as likely to be victimized. A recent Bank of America study found that 21% of small businesses reported a data breach in the last 24 months and that 41% of the SMBs that were breached paid more than $50,000 to recover. To add salt to the wound, 30% of consumers said they would not shop at a business that had suffered a breach. A financial hit combined with a loss of public trust can be damaging to a business of any size.
Most business owners don't understand PCI compliance and don't take the time to learn which processes they need to implement to stay within its requirements. They will say that the annual self-assessment questionnaire (SAQ) is an annoyance and that the monthly compliance fee is just another money grab by processors. What most don't understand is that the SAQ is a tool to make sure every business, large or small, has walked through the controls it needs to prevent a breach and safeguard customer card data. If you accept credit cards, you have a responsibility to your customers to handle their information securely. Mishandling another person's card data is negligence: it can cost you thousands of dollars, and it will cost you the public's trust.
Below we detail five steps that every business owner should take to maintain PCI compliance:
1. Install a firewall - PCI DSS Requirement 1 calls for a firewall (or equivalent network security controls) that isolates the systems handling cardholder data from the rest of your network and from the internet. Installing it is not enough: configure it to deny all traffic by default and allow only what the payment systems need, review the rule set regularly, and schedule updates so the firewall's firmware and software stay current.
2. Put a written, company-wide PCI compliance policy in place - Make sure that employees understand why cardholder data must be protected and that they follow the security procedures every day, not just when an assessment is due. PCI DSS Requirement 12 covers the information security policy and staff awareness training.
3. Change default passwords and rotate them - Always change vendor-default passwords, and remove or disable unnecessary default accounts, on any new device or software before it goes into service; PCI DSS Requirement 2 treats unchanged vendor defaults as a failing control. Then put a policy in place that requires strong passwords and a change at least every 90 days, the baseline in PCI DSS Requirement 8, and enforce it with the system's own password-aging settings rather than relying on people to remember.
4. Make sure every third-party service provider or vendor knows your PCI compliance requirements and meets them - PCI DSS Requirement 12.8 expects you to keep a list of the service providers that touch cardholder data, hold a written agreement in which each acknowledges its responsibility for that data, and check their compliance status at least annually. Holding outside vendors to your internal standards helps ensure there are no holes in your defenses.
5. Assign responsibility for compliance - Name one person who owns PCI compliance and ensures that policies and procedures are implemented and followed. Schedule regular internal compliance checks, not just the annual questionnaire, so that standards do not slip and employees do not become complacent.
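The password-aging part of step 3 is one of the few items above that can be checked mechanically rather than by asking staff. The following script is an added example and is not part of the original article: it audits a Linux shadow-format file for accounts that have no password set at all (the usual state of a vendor-default account) and for accounts whose password is older than a given number of days. The `audit_shadow` function name and the sample entries in the demo are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article: audit a shadow-format file
# for two findings that matter under PCI DSS password requirements:
#   EMPTY_PASSWORD  - the password field is empty, so the account logs in
#                     with no password at all (typical of vendor defaults)
#   STALE_PASSWORD  - the password was last changed more than MAX_AGE days ago
#
# Usage: audit_shadow SHADOW_FILE TODAY_DAYS MAX_AGE_DAYS
#   TODAY_DAYS is the current date as days since 1970-01-01, the unit the
#   shadow file uses for its "last changed" field. On a live host (as root):
#     audit_shadow /etc/shadow "$(( $(date +%s) / 86400 ))" 90
audit_shadow() {
    shadow_file=$1
    today_days=$2
    max_age=$3
    awk -F: -v today="$today_days" -v max="$max_age" '
        /^#/ || NF < 3 { next }                        # comments and junk lines
        $2 == ""       { printf "EMPTY_PASSWORD %s\n", $1; next }
        $2 ~ /^[*!]/   { next }                        # locked/disabled: no password login
        $3 == "" || $3 == 0 { next }                   # 0 = change forced at next login
        (today - $3) > max { printf "STALE_PASSWORD %s %d\n", $1, today - $3 }
    ' "$shadow_file"
}

# Stand-alone demo with constructed sample entries (not real accounts).
# "Today" is fixed at day 19500 so the output is reproducible.
demo_shadow=$(mktemp)
cat > "$demo_shadow" <<'EOF'
root:$6$abc$hash:19000:0:99999:7:::
svc_pos:$6$def$hash:19400:0:99999:7:::
guest::19400:0:99999:7:::
daemon:*:18000:0:99999:7:::
nobody:!:18000:0:99999:7:::
EOF
audit_shadow "$demo_shadow" 19500 90
rm -f "$demo_shadow"
```

Run against the constructed sample, the script flags `root` (500 days) and `svc_pos` (100 days) as stale and `guest` as having no password, while ignoring the locked `daemon` and `nobody` accounts. On a real host the same function, pointed at /etc/shadow, gives the compliance owner from step 5 a repeatable check to run between assessments; point-of-sale terminals and network gear need the equivalent check through their own management interfaces.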
To learn more about PCI compliance, visit the PCI Security Standards Council at pcisecuritystandards.org