PCI Compliance

Are You PCI Compliant? It’s Mandatory.

Since 2005, more than 1 billion records have been stolen in over 2,000 separate incidents, and in most cases the thieves were after payment card data. Businesses clearly need to do all they can to protect their payment systems from fraud.

If you think your business is too small for thieves to target, think again. Small businesses are now seen as easy targets. A Visa analysis has found that small merchants accounted for more than 80 percent of data security breaches. A breach can cost over $200 per compromised record, and can expose your business to chargebacks, fines from banks or regulators and loss of your customers’ trust.

What is PCI DSS?

PCI DSS, the Payment Card Industry Data Security Standard, is maintained by the PCI Security Standards Council, which the major card brands founded to reduce payment card fraud. The standard has been around for several years and it works: between 2005 and 2011, only 4 percent of breached organizations were PCI compliant at the time of their breach, a strong indication that businesses that become and stay compliant are far less likely to be breached.


What Happens if I Don’t Become PCI Compliant?

The object of complying with the PCI security standards is to protect sensitive cardholder data from thieves. If your business fails to become PCI compliant, you expose it to the growing threat of payment card data breaches and theft, which can result in substantial penalties (fines from banks, regulatory agencies and card organizations), fraud and chargebacks, legal costs and lost customers.

Additionally, if you fail to become PCI DSS compliant, or fail to report your compliant status to your merchant services provider via a third-party vendor, you may be charged a monthly fee until you do so.

If your business experiences a data security breach, you could even lose your ability to process credit card payments. Perhaps more importantly, you risk losing customers: research shows that 43% of customers who have been victims of fraud stop doing business with the merchant where the fraud occurred.

How Can I Become PCI Compliant?

To become compliant you will need to complete the following two items (use the Become PCI Compliant link at the bottom of this page):

A self-assessment questionnaire (SAQ); which version you complete depends on how your business accepts and handles card data
An external vulnerability scan; PCI DSS requires this to be run quarterly by a PCI-approved scanning vendor (ASV) and to pass

Depending on the complexity of your network, you could be done in less than 30 minutes.
You should also take the following steps, which correspond to the twelve PCI DSS requirements, to maintain your PCI compliance and maximize your protection against outside breaches:

1. Build and maintain a secure network

Install and maintain a firewall configuration to protect cardholder data.
Do not use vendor-supplied defaults for system passwords and other security parameters.

2. Protect cardholder data

Protect stored cardholder data.
Encrypt transmission of cardholder data across open, public networks.

3. Maintain a vulnerability management program

Use and regularly update anti-virus software.
Develop and maintain secure systems and applications.

4. Implement strong access control measures

Restrict access to cardholder data by business need-to-know.
Assign a unique ID to each person with computer access.
Restrict physical access to cardholder data.

5. Regularly monitor and test networks

Track and monitor all access to network resources and cardholder data.
Regularly test security systems and processes.

6. Maintain an information security policy

Maintain a policy that addresses information security.
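Requirements 3 ("protect stored cardholder data") and 10 ("track and monitor all access") are where small merchants most often slip: a full card number (PAN) ends up in a debug log or a database column in the clear. The following is an added example, not code from this page or from the PCI Security Standards Council, showing the three things a practitioner actually has to get right: Luhn-validating a PAN, rendering it for display with at most the first six and last four digits visible, rendering it for storage with a keyed one-way hash, and scanning log lines for unmasked PANs that should not be there. The log lines and the HMAC key are constructed for the example; in production the key must be managed separately from the data it protects.

```python
"""PAN handling and leak detection (added example; sample data is constructed)."""
import hashlib
import hmac
import re

# Candidate card numbers: 13-19 digits, optionally separated by single spaces or hyphens,
# not preceded or followed by another digit (so we never match part of a longer digit run).
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """True if `digits` is a 13-19 digit string that passes the Luhn checksum."""
    if not digits.isdigit() or not 13 <= len(digits) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Display form: at most first six and last four digits visible, the rest masked."""
    digits = re.sub(r"\D", "", pan)
    if not luhn_valid(digits):
        raise ValueError("not a valid PAN")
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def storage_token(pan: str, key: bytes) -> str:
    """Storage form: keyed one-way hash of the PAN (HMAC-SHA256).

    An unkeyed hash of a 16-digit number is cheap to brute-force, so the hash is keyed;
    the key is an assumption here and must live outside the database that holds the tokens.
    """
    digits = re.sub(r"\D", "", pan)
    if not luhn_valid(digits):
        raise ValueError("not a valid PAN")
    return hmac.new(key, digits.encode(), hashlib.sha256).hexdigest()


def find_unmasked_pans(lines):
    """Return (line_number, masked_pan) for every Luhn-valid PAN found in clear text.

    Only the masked form is returned so the scanner itself never re-emits the full PAN.
    """
    hits = []
    for lineno, line in enumerate(lines, 1):
        for match in PAN_CANDIDATE.finditer(line):
            digits = re.sub(r"\D", "", match.group())
            if luhn_valid(digits):
                hits.append((lineno, mask_pan(digits)))
    return hits


# Constructed sample log: line 2 leaks a full PAN in a debug dump; line 3 is an order
# number that happens to be 16 digits but fails Luhn; line 4 is a mistyped, invalid PAN.
SAMPLE_LOG = [
    "2024-01-05 10:01:12 pos01 auth ok card=411111******1111 amount=19.99",
    '2024-01-05 10:02:03 pos01 DEBUG request body: {"pan":"4111 1111 1111 1111","exp":"12/26"}',
    "2024-01-05 10:02:05 pos01 order 2024010512345678 created",
    "2024-01-05 10:03:44 pos02 auth fail card=4111111111111112",
]

if __name__ == "__main__":
    for lineno, masked in find_unmasked_pans(SAMPLE_LOG):
        print(f"line {lineno}: unmasked PAN {masked}")
    print(storage_token("4111 1111 1111 1111", key=b"example-key-do-not-use"))
```

Run the scanner over exported application and web-server logs as part of the regular testing in requirement 11; any hit means the logging path needs fixing before an assessor finds it. Note that it only catches Luhn-valid digit runs, so a PAN split across two log lines or base64-encoded will not be flagged.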

To get started, use the Become PCI Compliant link below.