Worried about Credit Card Compliance? Need some PCI Compliance help?
Have you been notified by your bank or credit card processor that you have to make your business PCI compliant?
Do you need to improve cardholder information security to meet credit card compliance requirements?
Are you confused about what PCI compliance means – and how a small business like yours can become PCI compliant under new credit card compliance standards?
You are not alone! Businesses of all sizes are now required to certify that they meet certain PCI compliance standards to improve cardholder information security – and Continental Computer Services can help you get there.
- We take the jargon out of PCI compliance and help you through the process.
- We can help you determine the level of PCI compliance your bank is expecting for your size business.
- We can help you identify ways to segment your data collection so that fewer of your systems and PCs need to be part of your compliance assessments.
- And we are just the folks who can actually do the work you need done – work like building or maintaining a secure network, identifying and developing controls for internet access points, or even creating a cardholder information security policy.
Call us today at 520 405-9568 or
send an email to request a PCI compliance call back
Info@ContinentalComputerServices.com
What is PCI Compliance?
PCI stands for Payment Card Industry – the organizations that control the major payment cards, such as Visa, MasterCard, Discover Card, and American Express.
These providers have joined together to develop a Data Security Standard, or DSS. The DSS is the standard you must meet if you are a business or other organization accepting credit cards from one of the member companies.
The DSS calls for measures to secure cardholder data, prevent data breaches, mitigate risk, and maintain a comprehensive PCI policy.
Depending on the level of your particular business, you may be required to build and maintain a network that improves cardholder information security, control access to the data you collect from cardholders, test your system regularly and update your information security policy on a regular basis.
Why bother with PCI Compliance?
Data loss is expensive – just look at what it has cost some of our large businesses that have suffered data breaches in the last few years. An IBM study suggests that a breach can cost your company an average of $158 per record breached – and the total cost to a company suffering a breach last year averaged $4 million.
Data loss can result in fines and legal actions
Banks and credit card companies may impose fines or bring civil suits against businesses that fail to comply with the terms of their merchant/bank agreement. If you do not certify your company, you may not be allowed to accept credit cards for payment. A cardholder information security breach can involve you in expensive and potentially damaging litigation.
A data breach can put you out of business
You may not be able to process credit cards
Banks – often called acquirers in the PCI industry – point out that they may withdraw credit card processing from businesses that refuse to, or are unable to, certify that their systems are secure.
You may lose customers
Trust is the very basis of most businesses. A cardholder information security breach will lead to loss of trust.
Can you afford to lose customers who no longer trust you?
Consider PCI compliance a sort of insurance plan for your business – a plan that can pay off handsomely if it keeps you safer from credit card hackers out to steal your stored data.
What kind of data are we talking about?
Sensitive data includes the information encoded on a credit card – this data should never be stored.
Data also includes the cardholder information businesses often gather and store – including all the personal information visible on a credit card: the account number, the name of the cardholder, the PIN or service code, and the expiration date.
What do I need to protect?
To meet cardholder information security requirements, you will need to protect card readers, point of sale systems, hard copy or paper files, any databases where you store or transmit payment information, shopping carts and payment applications, and both wired and wireless networks.
Meeting PCI standards can be a confusing and time-consuming task, especially if you don't have an in-house IT expert. Basically, meeting the standards requires that you assess your business practices, identify any PCI remedies required to fix your systems, and report at least annually to your acquiring bank.
Continental Computer Services will help with PCI Remedies
Continental Computer Services can help you remedy shortfalls to your system:
- You will want to have a managed firewall, SSL certificates and a secure email gateway. Continental Computer Services can install those for you.
- You will need to verify that wireless networks are separate from the cardholder data environment – we can inspect your networks and segment them as needed.
- You will need to verify that you maintain a hardware inventory – we can create a hardware inventory for your staff to use (and update it annually if you like).
- You will need to verify that you have control over your wireless devices. We can scan for rogue wireless access points, identify any unauthorized wireless devices, and help you identify any threats to the physical security of your wireless networks. We can change default settings, provide intrusion detection and set up wireless encryption.
- You will need to have policies in place to handle PCI compliance issues. We can help you create PCI compliance policies tailored to your organization.