Don’t Ruin Your Business by Accepting Credit Cards Without Being PCI Compliant!

Posted on September 9th, 2017 in Compliance, PCI



Running a business of any kind means accepting payments, often by credit card. Because thieves target these transactions, you and your customers are at risk. How much? Credit card theft cost U.S. consumers an estimated $16 billion in 2016. Making payments safe for consumers is crucial to your business reputation, and as a business owner you need to protect your customers' financial information. Compliance with the Payment Card Industry Data Security Standard (PCI DSS) is how you do that.

PCI DSS is a set of security requirements, maintained by the PCI Security Standards Council, designed to prevent the theft of cardholder data. Compliance shows that you are taking reasonable steps to protect your customers: processes to prevent breaches, to detect them, and to respond when one occurs.

Do you need it? All the major card brands (Visa, Mastercard, American Express, Discover and JCB) require it, and they enforce it through the acquiring banks and payment processors that let you accept cards. So everyone who accepts payment cards must be PCI compliant. And while the primary goal of PCI DSS is protecting customers, it also protects you.

IBM research shows that data breaches cost businesses an average of $141 per lost record in 2016, and that businesses face roughly a 28% chance of experiencing a data breach. If you are not PCI compliant, you and your customers are at risk. You may also be liable for fines passed on by your acquirer and for fraud losses tied to data stolen from Point of Sale (POS) systems on your premises.

What Does PCI Compliance Entail?

PCI compliance has two parts: a secure point of sale and secure business practices.

A PCI compliant POS terminal on its own does not make you compliant. Your whole cardholder data environment (the terminals, the network they sit on, the servers and applications that touch card data, and the people who operate them) must meet the 12 requirements of PCI DSS:

  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters
  3. Protect stored cardholder data (and never store full track data, card verification codes or PINs after authorization)
  4. Encrypt transmission of cardholder data across open, public networks
  5. Protect all systems against malware and keep antivirus software up to date
  6. Develop and maintain secure systems and applications (patching, secure development)
  7. Restrict access to cardholder data by business need to know
  8. Identify and authenticate access to system components (a unique ID for every user, so every action can be traced to a person)
  9. Restrict physical access to cardholder data
  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes (vulnerability scans, penetration tests)
  12. Maintain a policy that addresses information security for all personnel

Implementing these requirements reduces the chance of a data breach and limits the damage when one happens.

Validating PCI compliance involves 4 primary steps. The exact process depends on how you accept cards and how many transactions you handle. You can do the work yourself to save costs, or hire a Qualified Security Assessor (QSA), an assessor certified by the PCI Security Standards Council, to do it for you.

Complete the Self-Assessment Questionnaire

Most small and medium merchants validate compliance with a Self-Assessment Questionnaire (SAQ). There are 9 SAQs, each designed for a different way of accepting cards (for example, card-not-present merchants who fully outsource payment processing, merchants using standalone dial-out terminals, or merchants whose POS systems are connected to the internet). They run from about 20 to 100+ questions and come with an Attestation of Compliance (AOC) form. Some merchants are required by their acquirer or a card brand to undergo Designated Entities Supplemental Validation (DESV) by a QSA. Depending on which SAQ applies (for example, if your POS systems are connected to the internet), you will also need quarterly external vulnerability scans by an Approved Scanning Vendor (ASV).

Determine Your Compliance Level

Your merchant level reflects the risk your business represents and is set by the number of card transactions you process per year. Each card brand defines its own levels and thresholds, and your acquiring bank tells you which one applies. The highest level (for example, more than 6 million Visa or Mastercard transactions a year) requires an annual on-site assessment by a QSA and a Report on Compliance (ROC); lower levels can usually validate with an SAQ.

Submit Documents

After you complete the SAQ (or ROC) and the AOC, plus the ASV scan report if one is required, submit them to your acquiring bank or payment processor. Validation is annual, and ASV scans are quarterly.

Review

Higher-level merchants, and any merchant their acquirer designates, need independent validation: a Qualified Security Assessor reviews your environment every year. If you do not need independent validation, the Self-Assessment is enough, but it must be completed honestly and repeated every year.

Choose a PCI Compliant POS Solution

Most small and medium businesses use systems and services from third-party suppliers. Unfortunately, not all vendors offer PCI compliant POS solutions and processes. Many small businesses run older POS systems that are no longer compliant. For example, an old system might store full magnetic stripe (track) data after a transaction has been authorized. It might also store card verification codes (CVV2, CVC2, CID) or PIN data. PCI DSS Requirement 3 forbids storing any of this after authorization, even in encrypted form, because with it a thief can clone cards or make fraudulent purchases.
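A practical check for that failure mode, added here as an example and not code from the original post or from any Exigent or POS vendor tool: a small cardholder-data discovery scanner in Python. It reads text records (POS logs, spool files, database exports) and flags stored track data, card verification codes, PIN blocks and unmasked PANs, using a Luhn check to separate real card numbers from order IDs and timestamps. The record layout, field names (`pan=`, `cvv2=`, `pin_block=`) and sample lines are constructed for illustration; a real POS will log differently, so adapt the patterns to the formats you actually find.

```python
"""Cardholder-data discovery scan (added example, not from the original post).

Scans text records for data that PCI DSS forbids storing after authorization
(full magnetic-stripe track data, card verification codes, PIN blocks) and for
unmasked primary account numbers (PANs). Field names and sample records below
are constructed for illustration.
"""
import re


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check: true for real-looking PANs, false for random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


# 13-19 digits, optionally separated by spaces or dashes, not inside a longer digit run.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# Track 1: %B<PAN>^<NAME>^<YYMM>...   Track 2: ;<PAN>=<YYMM>...
TRACK1_RE = re.compile(r"%B\d{13,19}\^[^^]{2,26}\^\d{4}")
TRACK2_RE = re.compile(r";\d{13,19}=\d{4}")
# Card verification codes and PIN blocks logged as key=value (constructed field names).
CVV_RE = re.compile(r"\b(?:cvv2?|cvc2?|cid|cav2)\s*[:=]\s*\d{3,4}\b", re.I)
PIN_RE = re.compile(r"\bpin(?:_?block)?\s*[:=]\s*[0-9A-Fa-f]{4,16}\b", re.I)


def find_pans(text: str) -> list:
    """Return the unmasked, Luhn-valid PANs found in text (separators stripped)."""
    hits = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits


def mask_pan(pan: str) -> str:
    """Mask to first six and last four digits, the most PCI DSS allows to be displayed."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_record(line: str) -> list:
    """Classify what a single record stores; an empty list means nothing was found."""
    findings = []
    if TRACK1_RE.search(line) or TRACK2_RE.search(line):
        findings.append("track_data")
    if CVV_RE.search(line):
        findings.append("card_verification_code")
    if PIN_RE.search(line):
        findings.append("pin_data")
    if find_pans(line):
        findings.append("unmasked_pan")
    return findings


def scan_records(lines) -> dict:
    """Map 1-based record number -> findings, for the records that have any."""
    report = {}
    for n, line in enumerate(lines, 1):
        findings = scan_record(line)
        if findings:
            report[n] = findings
    return report


def redact_record(line: str) -> str:
    """Mask unmasked PANs in a record. Track data, CVV and PIN data cannot be
    fixed by masking: records containing them must be purged outright."""
    def _mask(m):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            return mask_pan(digits)
        return m.group()
    return PAN_RE.sub(_mask, line)


# Constructed sample records in the style of a POS transaction log.
SAMPLE_RECORDS = [
    "2017-09-08 10:12:03 sale ok order=ORD000000000012345 pan=411111******1111 amt=42.10",
    "2017-09-08 10:15:44 sale ok pan=4111111111111111 exp=1219 amt=19.99",
    "2017-09-08 10:16:02 swipe raw=;5500000000000004=2512101123456789?",
    "2017-09-08 10:17:30 keyed cvv2=123 pan=378282246310005",
    "2017-09-08 10:18:00 debit pin_block=A1B2C3D4E5F60718",
    "2017-09-08 10:19:55 refund ok amt=5.00",
]

if __name__ == "__main__":
    for n, findings in scan_records(SAMPLE_RECORDS).items():
        print(f"record {n}: {', '.join(findings)}")
        print("  redacted:", redact_record(SAMPLE_RECORDS[n - 1]))
```

Run it over exported logs and database dumps as part of scoping your cardholder data environment. Anything flagged as track_data, card_verification_code or pin_data must be purged and the system that wrote it fixed, since PCI DSS does not permit storing those even encrypted; unmasked PANs can be masked in place, and the Luhn check keeps order numbers and timestamps from showing up as false positives.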

A secure POS system includes:

  • Secure hardware
  • Secure cables and connections
  • Data encryption
  • Antivirus
  • Protection against interception of card data in transit (SSL/TLS sniffing)
  • Keylogger protection
  • Remote takeover prevention
  • Hard drive protection

Every component in the payment path must be compliant, not just the terminal. If you accept payments through an application, that application must be PCI compliant too. If you accept cards in your store, the point-of-sale device itself must be compliant. Finally, your servers and network must be compliant as well.

For the software side, look for payment applications validated under the PCI Payment Application Data Security Standard (PA-DSS); the PCI Security Standards Council publishes the list of Validated Payment Applications, and POS solution providers such as POS.com sell them. For the hardware side, look for PIN entry devices with PCI PTS approval.

Purchasing a secure POS system is only the first step to ensuring that you are PCI compliant. You also need strict security standards for your business. Companies with a large internal IT department can handle this on their own. If you don’t have that, we at Exigent can help set up and manage security standards for you. See our IT security services.

PCI compliance requires you to:

  • Use security protocols for your network
  • Secure remote and wireless access
  • Use antivirus software
  • Install a firewall
  • Control physical access to servers
  • Restrict digital access to information

PCI compliance can be time consuming and may be expensive. You may be hesitant to replace your POS hardware, but it can save you money. Losing customer information puts your business at risk. A data breach can be costly. It can also affect your reputation, your ability to accept credit cards, and even your ability to stay in business. Ensuring that you are PCI compliant will protect your business and your customers.
