PCI compliance can seem complicated. You may think all is well and then find that your business is not compliant. The explanations can seem vague. In this post we will go over the basics of PCI compliance: what it is, why it is important, and ways you can navigate the waters with confidence. Recently our CEO, Will Slappey, sat down with Frank DeBenedetto to discuss PCI compliance.
PCI compliance is basically a framework, a set of rules and regulations that was put in place in 2006 to help the credit card industry and all the associated entities produce something of a standard to follow, to try to increase the security around the payments industry.
Anyone taking any form of electronic payment.
From Frank: “And what's amazing is, you know, you can continue to process and do everything along the way. And your product, your processor will just charge you a fee: $35-$75 a month for being what they consider non-compliant. And typically, that is related to a lack of doing like a self-assessment questionnaire, or a testing to other things that you say you’re doing. But you know, you can, you can basically truck along here and just continue to operate business as usual. The downside here, of course, if you do find out that you are non-compliant, and there is a breach of some sort, you could not be say covered, right, you can be fully liable because you were never in compliance in terms of what the provider saw.”
PCI DSS (Payment Card Industry Data Security Standard) outlines 12 areas you need to look at. Six of those areas are handled by a traditional MSP for a customer as part of their cyber security program. This would cover things like having a firewall, having antivirus on the computers, and setting up a system of privileged access. Some of these standards are in the purview of the customer: policy requirements like not writing down credit card numbers. If you store credit card numbers in your computer system, make sure that the information is encrypted. It is also particularly important to keep up to date with technology, upgrading to the latest card readers and ensuring that your point-of-sale system stays updated.