A critical component of any business's success is being able to accept payments for goods and services. At the same time, we are keenly aware of the risk that comes with doing so. Whatever one trades, whatever the business, every credit or debit transaction processed will involve sensitive personal information. This data has to be transmitted and stored in a secure environment.
Understanding both sides of the payments coin, card schemes like MasterCard and Visa insist that any business taking debit and credit payments comply with the Payment Card Industry Data Security Standard (PCI DSS). It is the best method for ensuring that both the business and its customers are protected from the possibility of digital criminality.
PCI DSS Compliance
PCI DSS is a common set of industry requirements and controls, established by the major card brands, to ensure the safe handling and security of the sensitive customer information supplied to merchants.
Cardholder information can entail anything held within the magnetic stripe or chip, as well as any numerical details printed on the card. This includes the PAN (Primary Account Number), which fraudsters would use to impersonate the cardholder.
PCI DSS compliance secures the points from which such information can be accessed and stolen. These areas can include, but are not limited to, paper stored in a filing cabinet, a compromised card reader, a poorly secured database or a break-in to a wireless network. Small businesses, in particular, are a prime target for digital criminality, because they are perceived as using less sophisticated security.
Regardless of any third party's responsibilities, no business owner should forget that it is the business's responsibility to ensure all cardholder information is thoroughly protected. If cardholder data were stolen and there is no evidence of PCI DSS compliance, there could be a raft of consequences. The business could face fines and penalties, lose the ability to accept card payments and, worse, lose the confidence of its customers. There may be higher subsequent costs to become compliant. There is also the real likelihood of going out of business.
Where to Start
Complying with PCI DSS requires meeting 12 specific requirements that cover security management, policies and procedures, software design and network architecture. How the business accepts payments determines how those requirements must be met. Most small merchants need only complete the self-assessment form available on the PCI Security Standards Council website.
Another option is to use an online PCI portal offered by merchant acquirers, such as ours. These portals are dedicated areas, supported by qualified security assessors, that walk the merchant step by step through the assessment and offer guidance on how to become and remain PCI DSS compliant.
The business will have to use an authorised route for PCI compliance: either directly through the PCI Security Standards Council or through one of its approved assessors or providers.
Point of Sale Tips
- Ensure employees understand the importance of protecting cardholder data and the consequences of failing to do so
- Use only authorised Point of Sale (PoS) terminals and payment software (see the PCI Security Standards Council's approved list on its website)
- Never write down or store sensitive cardholder data on paper or computers
- Protect PCs and wireless networks with firewalls, encryption and password protection
- Have PoS devices and PCs checked regularly for rogue software and skimming devices