PCI Compliance

Owners and managers of small and mid-size businesses that accept credit cards as payment, should be concerned with PCI Compliance. According to the PCI Compliance Guide , the Payment Card Industry Data Security Standard (PCI DSS) set of requirements is designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment.  Although PCI Compliance is not a federal law, your business’ reputation depends on your data being secure.

In their 2014 PCI Compliance Report, Verizon surprisingly found that only 11% of the businesses they assessed were fully PCI Compliant.  They have a handy infographic 2014 PCI Compliance showing some of the findings of the report.

The Verizon Compliance Report lists the PCI DSS requirements as such:

1 Install and maintain a firewall configuration to protect cardholder data.
2 Do not use vendor-supplied defaults for system passwords and other security parameters.
3 Protect stored cardholder data.
4 Encrypt transmission of cardholder data across open, public networks.
5 Use and regularly update anti-virus software or programs.
6 Develop and maintain secure systems and applications.
7 Restrict access to cardholder data by business need-to-know.
8 Assign a unique ID to each person with computer access.
9 Restrict physical access to cardholder data.
10 Track and monitor all access to network resources and cardholder data.
11 Regularly test security systems and processes.
12 Maintain a policy that addresses information security for all personnel.

How’s your company doing with PCI Compliance?  Is it something you are confident you have covered, or would you like some assistance with it?  We’re always willing to help with PCI Compliance and all types of data security.  Just give us a call or drop us an email.