If you own a business that accepts credit cards, listen up. The Payment Card Industry Data Security Standard (PCI DSS) applies to you.
Think about it: every time a customer swipes a card, they are entrusting you with their personal information. They have absolute confidence that this information is safe and out of a hacker's hands. This is where PCI compliance comes in.
PCI DSS is the standard that defines how you uphold your end of that security relationship by protecting your customers' cardholder data. One encouraged way to adhere to it is to host your cardholder data with a PCI compliant hosting provider.
So, if your business DOES accept credit cards, there are 12 PCI DSS requirements that you should be aware of. Meeting these will help keep your business secure.
Encrypt cardholder data across public networks
If your cardholder data is encrypted, a hacker who does not hold the proper cryptographic key will not be able to read or use the information. Encryption uses a key together with a cipher (the algorithm) to turn plaintext into ciphertext, and ciphertext is unreadable without the proper key and cipher.
Install and maintain a firewall
You need two firewalls and one test procedure. You, as the company, must run your own firewall to protect your customers' data, along with a test procedure to consistently verify that its configuration is still doing its job. The hosting company where you store the data should have its own firewall, too.
Protect stored data
If you are not a security company and you store the credit card data yourself, you are more vulnerable to a breach. If you do not store the data yourself, the company you store it with will most likely have stricter security standards in place.
Change the vendor-supplied password defaults
This goes without saying, but change all vendor-supplied passwords the moment you can. The fewer people who know a password, the better.
Have secure applications
Your systems should alert you when new security holes are found in the applications you run. Having these alerts will help you stay on top of your system's security and patch holes before they are exploited.
Update your anti-virus software
This goes without saying: if you do not have anti-virus software, you need it. In addition, frequently updating the software will help strengthen your security wall, making it harder to penetrate.
Assign a unique ID to each person with computer access
If you abide by best practice standards you are doing two things: 1. assigning an individual ID to each person with access, and 2. requiring them to update their password every 30 days and restricting log-ins to specific times.
Restrict access to cardholder data by business need-to-know
Limiting the number of personnel who have access to cardholder data to those who need it for their job will lessen the chances of a security breach.
Track and monitor all access to network resources
Implement a logging system that records who accessed your data and when, so that if there is ever a breach you can look back and trace who was looking at it.
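As an added example (not code from the original post), here is a small log review in Python that checks the "unique ID" requirement above and this "track and monitor" requirement together: it walks constructed access-log lines and flags shared accounts, log-ins outside a user's permitted window, and passwords older than 30 days. The log format, the account table and the shared-account names are assumptions made for the example.

```python
"""Access-log review for the unique-ID and track-and-monitor requirements.

Constructed example: log lines are assumed to look like
"<ISO timestamp> <user> <action> <resource>", and an account table holds
each user's permitted login hours and the date the password was last changed.
"""
from datetime import datetime, date

# Constructed account table: user -> (login window start hour, end hour, last password change)
ACCOUNTS = {
    "alice": (8, 18, date(2024, 5, 20)),
    "bob": (8, 18, date(2024, 1, 3)),      # password far older than 30 days
    "admin": (0, 24, date(2024, 5, 1)),    # shared account, not a unique ID
}
SHARED_ACCOUNTS = {"admin", "root", "guest"}   # assumed list of generic logins
MAX_PASSWORD_AGE_DAYS = 30

# Constructed sample log lines (not real data)
SAMPLE_LOG = """\
2024-06-01T09:15:00 alice view cardholder/1234
2024-06-01T23:40:00 alice view cardholder/1234
2024-06-01T10:02:00 bob export cardholder/all
2024-06-02T02:00:00 admin view cardholder/5678
"""

def parse_line(line):
    """Split one log line into (timestamp, user, action, resource)."""
    ts, user, action, resource = line.split()
    return datetime.fromisoformat(ts), user, action, resource

def audit(log_text, accounts=ACCOUNTS, today=date(2024, 6, 2)):
    """Return a list of (user, timestamp, reason) findings for the log."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, action, resource = parse_line(line)
        # Every access must map to one known, individual user ID
        if user in SHARED_ACCOUNTS or user not in accounts:
            findings.append((user, ts, "not a unique, known user ID"))
            continue
        start, end, pw_changed = accounts[user]
        if not (start <= ts.hour < end):
            findings.append((user, ts, "access outside permitted login window"))
        if (today - pw_changed).days > MAX_PASSWORD_AGE_DAYS:
            findings.append((user, ts, "password older than 30 days"))
    return findings

if __name__ == "__main__":
    for user, ts, reason in audit(SAMPLE_LOG):
        print(f"{ts.isoformat()} {user}: {reason}")
```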
Have an information security policy
This policy will document everything that you have in place for security. If anyone ever asks about what you’re doing to secure credit card information, you’ll have this policy to share.
Restrict physical access to the servers
If you host your data on a PCI compliant server, make sure the provider is protecting your data by limiting the number of people who can physically access the server.
Frequently test your security
Again, it is best practice to monitor your systems continuously. It is better to test regularly than to miss a hole in your security that someone can use to breach it.