20 Jan 3 Best Practices To Keep Your SMB PCI Compliance Friendly
How many of you have heard of PCI Compliance?
And how many of you are filled with anxiety or confusion when someone mentions PCI Compliance?
PCI Compliance is a complex and broad subject. Merchants are told constantly they need to make sure they’re compliant, but aren’t told how to actually do it.
Have no fear, we’re here for you.
Today we’re covering three basic best practices to make sure your business is following PCI and guaranteeing that sensitive information is secure.
1). Do not store sensitive data, and if you have to; lock it down
If you’re running an E-commerce store, make sure your site is not automatically storing information on your pages.
If you have a professional website that is managed by a company, talk to your designer and make sure your site is not storing sensitive information on your server.
If you have a brick-and-mortar store, keep documents with customer information locked up and out of site from customers and employees.
If you like to keep all your paper receipts, or turn them into PDFs. Keep them locked. Have a secured computer that only either an accountant and yourself have access to, or have secured storage place for the paper receipts and cardholder information.
2). Keep your website updated and protected with a firewall
If you’re running any sort of payments online, you need to guarantee that your website is constantly updated. Without consistent upgrades, you’re essentially leaving your site open for hackers.
Make sure your web designer is consistently managing updates for you and making sure you’re not leaving yourself vulnerable for hackers online. Also, make sure you have the necessary online firewalls to repel cyber attacks.
3). Train your staff on how to handle sensitive information properly
Nothing is more important than keeping your customers’ information safe. Sadly, lots of errors that give fraudsters access to private information are human errors.
Make sure your staff does not give out information over the phone or via email. Also, make sure they are correctly using the computers at work and correctly storing cardholder information. Only approved staff should be actually handling sensitive information.
Keep yourself aware of who has access to customer information, and regularly check to make sure your staff is handling sensitive information with care.
If you want some additional reading about PCI, or want to test your business, read more here at the official PCI Security Standards Council.
Don’t let these best practices fall by the wayside!
Want to talk to an expert about PCI? Talk to our merchant services specialists.