Are you PCI Compliant and why you should be

PCI compliance is very important for every merchant to know and understand. PCI refers to the Payment Card Industry Data Security Standard (PCI DSS). Its purpose is to make sure that when people swipe their credit cards on your machine, the card data is not easily stolen. If you are not in compliance with PCI standards, many fees and lawsuits can be headed your way!

[Image: EMV reader. Caption: Inserting your credit card with an EMV reader!]

There are six principles of PCI compliance.

  • “Build and maintain a secure network”. You want to make sure you are not vulnerable to viruses and hackers.
  • “Protect cardholder data”. To do this you want to keep stored card data to a minimum. Make sure that all private data, such as credit card numbers, is encrypted.
  • “Maintain a vulnerability management program”. This simply means having antivirus software installed and a secure firewall in place.
  • “Implement strong access control measures”. Restrict who can see cardholder data. Hackers are not the only ones who steal data; your own employees may also be culprits. Make sure you only give access to trusted, loyal employees.
  • “Regularly monitor and test networks”. Regularly test your network and make sure all firewalls are working properly. There must not be any bugs or viruses.
  • “Maintain an information security policy”. Make sure you have an up-to-date security policy for your company.

With new technologies coming out to protect customer privacy, you need to make sure your equipment is compatible. The most up-to-date system has a chip reader. This is a must-have for any merchant! If you swipe a credit card that has a chip in it instead of inserting it, you are already at risk for a lawsuit.

[Image: Bank security. Caption: Make sure you are PCI compliant!]

If someone’s information gets stolen from your store and you are not PCI compliant, that customer automatically has a case against you. You can be fined by the banks. These fines are meant to make up for the customer’s stolen information. Believe it or not, you can actually be audited by the Federal Trade Commission if you are not PCI compliant.

When you are PCI compliant, insurance companies may be more willing to back you. If you do not have the proper compliance and information gets stolen, you are going to be held liable. If you are compliant, then you will be backed by your sponsoring bank, and all of the risk you had will be taken on by the banks. This is a huge thing to take into consideration.

To become PCI compliant, you can read the PCI security standards or call your processor to make sure that you and your business are up to date.