LCT Newsletter
Please click to read the 12 steps to being PCI compliant.
PCI compliance deadlines for the Credit Card Processing Industry are just around the corner.
By July 2010 all merchants must be certified as compliant with the Payment Card Industry Data Security Standards. With more and more diversity in how we take credit cards, it has become more confusing for merchants to know whether PCI applies to them or not. PCI APPLIES TO EVERYONE. Let's review the forms of accepting credit card payments and how information is stored and processed.
Stand-alone terminals, even though they are less likely to be hacked, still contain cardholder data and can still be compromised. Certain password protections at the terminal level can help reduce the risk of credit card fraud. Requiring a password to issue refunds can not only help the merchant reduce the risk of employee fraud, but can also minimize the exposure of card data. Most terminals today, once the credit card has been swiped, should not show the full card number at all. When a terminal is batched and settled, it completely empties all of the data and starts fresh daily. When receipts are printed and stored, they should be kept under lock and key.
POS systems today store more cardholder information, and once the information is settled, the cardholder data is still stored in the completed batch files, leaving them susceptible to security breaches. Many POS companies today are not PCI DA compliant, and you must be very aware of what the requirements are, not only for the POS system itself; it is also your responsibility as a merchant to make sure you are dealing with a reputable company. POS systems can be hacked into through the IP address; therefore, having a firewall is just one of the first steps that you should take in limiting access and preventing unwanted breaches. In addition, applying updates and patches to your software systems is crucial to keep you up to date on continuing changes that may be occurring, not only with your software, but with the compliance issues as well. Using antivirus software is another way of protecting your data and your clients' data. Changing the default passwords on your systems, as well as creating passwords to get onto your system, is another way to minimize breaches. When it is not absolutely necessary to have your remote access on, turn it off. Most importantly, stay educated on what your POS provider requires for you to be compliant and secure.
Finally, what most people think is one of the highest-risk ways of processing is probably one of the most secure: online, Internet processing. In order for any processing company to utilize a payment gateway, the gateway has already had to pass a PCI-PA certification and validation from the Association.
Attached you will find a quick reference guide issued by the Payment Card Industry Standard Security Council. This is an opportunity to see where you fall and to help you become not only compliant but, most importantly, secure, keeping your clients' information protected.
To learn more about PCI Compliance please go to www.pcisecuritystandards.org
Limo Digest did a great exposé on the credit card industry. We were privileged enough to have been interviewed by Susan Rose, one of the editors for Limo Digest. The majority of the information that is in the article was a direct effort between Limo Digest and Ferrari Merchants to make our customers more aware of the Credit Card industry and how fees affect them. Great Job Susan!!! Thank you for putting the truth out there.