PCI Compliance - Fraud Prevention
Imagine this scenario:
Your business has been moving steadily toward accepting credit card payments, but the bank has declined your PCI Compliance application and you don’t know why. It’s almost as bad as having your credit card declined in front of a line of irate shoppers, isn’t it? Well, no, it isn’t. Especially if you consider your customers, who might have become the victims of identity theft had your application been approved without your meeting the requirements. But now what do you do? You call CrafTech right away, because we will take care of every aspect of your PCI compliance, from the initial application through ongoing maintenance of your systems.
PCI DSS, or the Payment Card Industry Data Security Standard, is stringent for good reasons: it protects the personal data that is transmitted with every credit card transaction, and in doing so it also safeguards you from a damaged reputation and lost customers. That’s the good news. The bad news is that even if you have done all the hard work and had your application approved, failing to maintain the necessary security measures puts you at risk of high fines, as well as identity theft, a damaged reputation and lost customers. And if you’ve outsourced your IT infrastructure to avoid the headache, your hosting provider must ensure that its data center is compliant, because any security breach ultimately reflects on you.
The 12 Components of PCI Compliance
- Install and maintain a firewall configuration to protect cardholder data.
- Do not use vendor-supplied defaults for system passwords and other security parameters.
- Protect stored cardholder data.
- Encrypt transmission of cardholder data across open, public networks.
- Use and regularly update antivirus software.
- Develop and maintain secure systems and applications.
- Restrict access to cardholder data by business need-to-know.
- Assign a unique ID to each person with computer access.
- Restrict physical access to cardholder data.
- Track and monitor all access to network resources and cardholder data.
- Regularly test security systems and processes.
- Maintain a policy that addresses information security.
The questions you need to ask yourself are these:
- Does your IT department have the expertise to set up a system that meets all of the above stipulations—and keep it all running at top efficiency?
- Do you trust your hosting provider to guarantee that your network is absolutely airtight, to meet all the other requirements of the PCI Data Security Standard, and to continue doing so, so that you can operate with confidence?
If the answer to any of these questions is “no” or even “I’m not sure”, you should be talking to CrafTech.
We’ve got you covered.
Written by: Susan Palmer