Current PCI Compliance Requirements

By: Roberto Bell

In a world where credit card fraud is rife, merchants need to know how to protect themselves and their customers. The Payment Card Industry Security Standards Council (PCI SSC), founded by the major card brands, is the body dedicated to reducing that fraud. It works with card processors, merchants and acquiring banks to achieve this, and it maintains the Payment Card Industry Data Security Standard (PCI DSS) to reduce vulnerabilities in merchant environments and protect card holders by keeping their account data secure. As a merchant, you need to know your role in the standard and whether your business actually complies with it.

Why is PCI Compliance Important?

Card processing is a chain involving many parties, and at any point in that chain customer or merchant data can be exposed to criminals. The PCI SSC works to minimize those exposures through an ongoing cycle of assessment, remediation and reporting. As a merchant, you are one link in the chain, so it is vital that your business meets the standard. If it does not, you may as well leave your store door and cash register wide open. Being slack about compliance not only leaves your own business vulnerable; it increases the exposure of everyone else in the chain who handles the same transactions. As a merchant, you have a responsibility to the other members of the industry to keep your site and data secure.

What Does Being PCI Compliant Mean?

The PCI DSS groups its controls under six goals (the standard calls them control objectives), which are broken down into twelve numbered requirements. The goals are widely regarded as common-sense steps that reflect basic security practice.

The first goal is to build and maintain a secure network. For both retail and online merchants, this means installing and maintaining a firewall configuration that isolates the systems holding card holder data from the rest of the network and from the internet, and reviewing that configuration regularly. It also means never leaving vendor-supplied defaults in place: default passwords, SNMP community strings, wireless keys and other security settings must be changed on every device before it goes into service, whether it is a POS terminal, a router, a wireless access point or a web server. This applies to every merchant, not only online ones.

The second goal is to protect card holder data. For all merchants, this means storing as little of it as possible and securing what you do keep. Sensitive authentication data (the full magnetic stripe or chip data, the CVV2/CVC2 code and the PIN or PIN block) must never be stored after a transaction is authorized, not even in encrypted form. Where the primary account number (PAN) must be stored, it has to be rendered unreadable, by truncation, one-way hashing, tokenization or strong encryption with proper key management, and when it is displayed it should be masked so that at most the first six and last four digits are shown. Just as importantly, when transmitting card holder data over open, public networks, use strong cryptography such as a current version of TLS; unencrypted PANs must never travel over e-mail, chat or plain HTTP. These steps go a long way toward keeping card data secure, and they also mean that a breach of your systems exposes far less.

The third goal is to maintain a vulnerability management program. Part of this is keeping up-to-date anti-malware software on the systems that are commonly affected by malware, but it goes further than anti-virus: security patches for operating systems, payment applications and supporting software must be applied promptly, with critical patches applied within a month of release. In addition, and this is particularly relevant to online merchants, when you develop or customize payment applications, build them to secure coding practices (for example, guarding against injection and cross-site scripting), test them before release, and keep public-facing web applications protected by regular review or a web application firewall.

The fourth goal is to implement strong access control measures. This is particularly relevant to retail stores, where any number of staff may be able to reach customer data. There are three ways in which, as a retailer, you implement it. First, restrict physical access to the systems and media that hold card holder data: servers, POS terminals, backups and paper records. Second, restrict logical access on a need-to-know basis, so that only people who need card holder data to do their job can get at it, with a default of deny for everyone else. Third, give every person with access a unique user ID and credential, and never share accounts. Together these ensure that if there is any irregularity you can immediately find out who processed the card.

The fifth goal is to regularly monitor and test networks. What is safe one day may be vulnerable to attackers the next, because new weaknesses are published constantly. The standard therefore calls for quarterly external vulnerability scans by an Approved Scanning Vendor, internal scans, and penetration testing at least once a year and after any significant change. Regular testing keeps you a step ahead of criminals and protects both your customers' data and your business. Also, log all access to systems and to card holder data, keep the logs where they cannot be altered by the people they record, and review them daily so that an intrusion is noticed in days rather than months.

The last goal is to maintain an information security policy. This relates in particular to employees and contractors: they need to understand the importance of system integrity and of protecting card data, and the policy has to spell out who is responsible for what, how incidents are handled and what is expected of third parties that touch card data on your behalf. Have a policy document that forms part of the employment or contract agreement, have people sign it to show they have read and accepted it, and review it at least once a year.

How do I Make Sure that as a Merchant I am PCI Compliant?

The six goals listed above are the framework for compliance, and as a merchant you should be familiar with them. The PCI Security Standards Council publishes the standard itself, supporting guidance and the lists of approved assessors on its website. Your acquiring bank (or the card brands) assigns you a merchant level based on your annual transaction volume, and that level determines how you must validate compliance. A Qualified Security Assessor (QSA), which you engage from the council's list, performs an on-site assessment of your business's compliance with PCI DSS and produces a Report on Compliance. An Approved Scanning Vendor (ASV) performs the quarterly external vulnerability scans of the internet-facing systems of merchants and service providers. If you run an online store, you will need an ASV at minimum, and a QSA if your transaction volume or your acquirer requires a formal assessment. Smaller merchants can instead complete a Self-Assessment Questionnaire (SAQ) to validate their own compliance. There are several SAQs, and which one applies depends on how you accept cards (for example, a fully outsourced e-commerce checkout, a standalone dial-out terminal, or a payment application on a networked system), not on your industry; your acquirer can tell you which one to use, and the council's website explains the differences.

Article Source: http://www.mycontentbuilder.com

At Card Processing Pros.com we provide credit card merchant services and debit card processing, literally setting up hundreds of clients per month to process card payments for storefront, Internet and phone/mail order-based businesses. We also offer services in electronic check and gift card processing. Visit online today.
