It seems that only retailers and big-name entertainment companies make the headlines after they suffer major cardholder data breaches and security scandals, but organizations of all kinds are affected: from banks to zoos, any business that takes card payments is a potential target.
The Payment Card Industry Data Security Standard (PCI DSS) requires every company that processes, stores, or transmits credit card information to maintain a secure environment, regardless of its size or the number of transactions it handles.
Organizations need a structured, predictable, and continuous approach to the ongoing challenges of security and compliance. PCI compliance is a business-wide priority. What would a security breach mean for your business? Your sales pipeline? Your reputation? Your customers? No matter your role within a business, payment security should matter to you. A payment breach can undo all your hard work, drive away even your most loyal customers, and take years of effort to rebuild consumers’ trust.
Security attacks are growing more sophisticated and more frequent. The growing prevalence of new technologies such as the cloud, mobile card readers, and mobile payment solutions is redefining the environment within which payment systems must operate.
Organizations that neglect to comply with PCI DSS face harsh consequences that can be catastrophic to a small business: higher credit and debit processing charges from card companies, monetary fines ranging from $5,000 to $100,000 per month until all compliance issues are mitigated, or total revocation of card processing abilities.
To help you avoid these fines, here is a quick snapshot of what needs to be protected, who needs to be compliant, and how to stay secure:
What needs to be protected? Customer, employee, and financial data, all of which are prime targets for cybercriminals.
Who needs to be compliant? Financial institutions (banks, insurance companies, lending agencies, brokerages), merchants (restaurants and retailers, including brick-and-mortar, mail/telephone order, and e-commerce, and virtually any point of sale that processes credit cards, across all industries), and service providers (transaction processors, payment gateways, call centers, managed service and web hosting providers, data centers, and independent sales organizations).
Long story short: if your business accepts credit cards, you need to be PCI compliant.
Follow these tips for staying secure:
- Continuously monitor firewalls and keep antivirus software up to date
- Conduct internal and third-party assessments to find any possible vulnerabilities or exploits
- Damage control: respond to security control failures quickly, detecting and fixing them immediately
- Build and maintain a secure network with regular vulnerability scanning and penetration testing
- Store only the cardholder data you need and outsource what you don’t
- Shared responsibility: educate and train all employees in the rules of compliance to heighten awareness and reduce risk
- Annually review all security hardware and software technology in use
Compliance is easy – maintaining it is hard. Contact your Access Systems IT sales representative for more information on how our experts can assist your organization with its compliance needs.