As 2016 comes to a close and the holiday season is upon us, we wanted to go over some key guidelines for keeping your customers’ data safe. Here are our tips for PCI compliance and security around the holidays.
Before we dive in, let’s clarify what PCI compliance applies to.
Any business that transmits, stores or processes primary account numbers (PANs) is required to comply with the PCI DSS. Merchants must also protect the rest of the cardholder data that travels with the PAN: the cardholder name, expiration date and service code. Sensitive Authentication Data (SAD), meaning full magnetic-stripe or chip track data, the card verification code (CVV2/CVC2/CID) and PINs or PIN blocks, must never be stored after authorization, even in encrypted form.
Once a year, your processor will send you a self-assessment questionnaire that you’ll be required to fill out. If you don’t fill it out, or are not keeping sensitive payment information PCI compliant, you’ll be charged a monthly non-compliance fee until you complete the questionnaire.
***Quick note: the notification emails tend to get caught by spam filters, so you may not realize one was sent until the fee shows up on your monthly statement.
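To make the storage rules above concrete, here is an added example (not code from the original post or from any payment provider) showing what a merchant may keep and what must be dropped before a transaction record is persisted or logged. The field names (pan, cvv2, track2 and so on), the 16-digit test PAN and the sample record are constructed for the demo; the masking rule keeps at most the first six and last four digits, which is the PCI DSS display limit.

```python
import re

# Sensitive Authentication Data (SAD) must never be retained after authorization,
# even encrypted. These field names are assumptions for this example.
SAD_FIELDS = {"cvv2", "cvc2", "cid", "cav2", "track1", "track2", "pin", "pin_block"}

# A 13-19 digit run not adjacent to other digits: a candidate PAN in free text.
CANDIDATE_PAN = re.compile(r"(?<!\d)\d{13,19}(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check; filters out most non-PAN digit runs (order IDs, phone numbers)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep at most the first six and last four digits; everything else becomes '*'."""
    digits = re.sub(r"\D", "", pan)
    if not 13 <= len(digits) <= 19:
        raise ValueError("PAN must be 13-19 digits")
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def sanitize_for_storage(record: dict) -> dict:
    """Return a copy safe to persist or log: SAD dropped, PAN masked, other fields kept."""
    safe = {}
    for key, value in record.items():
        name = key.lower()
        if name in SAD_FIELDS:
            continue                       # never stored, not even masked
        if name == "pan":
            safe[key] = mask_pan(str(value))
        else:
            safe[key] = value              # name, expiry, service code may be kept, protected
    return safe


def scrub_free_text(text: str) -> str:
    """Mask Luhn-valid 13-19 digit runs in free text such as support notes or log lines."""
    def _mask(match):
        run = match.group(0)
        return mask_pan(run) if luhn_ok(run) else run
    return CANDIDATE_PAN.sub(_mask, text)


if __name__ == "__main__":
    # Constructed sample record; 4111111111111111 is a well-known test PAN.
    authorised = {
        "pan": "4111 1111 1111 1111",
        "name": "A Customer",
        "expiry": "12/19",
        "service_code": "201",
        "cvv2": "123",
        "track2": "4111111111111111=19121011000012345678",
    }
    print(sanitize_for_storage(authorised))
    print(scrub_free_text("Refund for card 4111111111111111, call back on 5551234567"))
```

Masking is the right treatment for displays, receipts and logs. If your business genuinely needs the full PAN after authorization (for recurring billing, say), masking is not enough: the stored value has to be rendered unreadable with encryption or tokenization and proper key management, and the easiest way to stay in scope is usually to let the processor hold it for you.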
Keep a long term view on PCI security.
Don’t make the mistake of focusing only on getting the “all clear” on your PCI compliance report. Aiming just to pass the assessment means ignoring wider security risks that can affect your business. Work on establishing a long-term mission of taking payments securely.
Actively monitor security controls.
One of the best habits your business can get into is documenting the effectiveness, adequacy and status of all of your security controls.
How often depends on factors such as how frequently a control is likely to change and whether it protects a high-impact system. Sampling may be necessary for data collection, but make sure the sample captures the variations: samples of system components should include every type and combination in use.
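The sampling rule above is easy to get wrong by hand (three point-of-sale terminals get checked, the one database server never does). The following added example, which is not code from the original post, builds a sample that takes at least one component from every type/OS/scope combination in an inventory and reports which combinations a proposed sample misses. The inventory and the attribute names (component_type, os, in_cde) are constructed for the demo.

```python
from collections import defaultdict
import random

# Constructed inventory; the attribute names are assumptions for this example.
INVENTORY = [
    {"host": "pos-01", "component_type": "pos-terminal", "os": "win10", "in_cde": True},
    {"host": "pos-02", "component_type": "pos-terminal", "os": "win10", "in_cde": True},
    {"host": "pos-03", "component_type": "pos-terminal", "os": "win7", "in_cde": True},
    {"host": "web-01", "component_type": "web-server", "os": "linux", "in_cde": True},
    {"host": "db-01", "component_type": "database", "os": "linux", "in_cde": True},
    {"host": "fs-01", "component_type": "file-server", "os": "win2012", "in_cde": False},
    {"host": "fs-02", "component_type": "file-server", "os": "win2012", "in_cde": False},
]

# Attributes whose combinations define "every type and combination in use".
STRATUM_KEYS = ("component_type", "os", "in_cde")


def strata(inventory):
    """Group components by each distinct combination of the stratum attributes."""
    groups = defaultdict(list)
    for item in inventory:
        groups[tuple(item[k] for k in STRATUM_KEYS)].append(item)
    return groups


def pick_sample(inventory, per_stratum=1, seed=0):
    """Random sample that takes up to per_stratum members from every combination."""
    rng = random.Random(seed)   # fixed seed so the selection is reproducible for the assessor
    groups = strata(inventory)
    sample = []
    for key in sorted(groups):
        members = groups[key]
        sample.extend(rng.sample(members, min(per_stratum, len(members))))
    return sample


def missing_combinations(inventory, sample):
    """Combinations present in the inventory that the proposed sample does not cover."""
    return sorted(set(strata(inventory)) - set(strata(sample)))


if __name__ == "__main__":
    chosen = pick_sample(INVENTORY)
    print("sample:", [c["host"] for c in chosen])
    print("uncovered by sample:", missing_combinations(INVENTORY, chosen))
    # A naive "first two hosts" sample leaves most combinations unchecked.
    print("uncovered by first two:", missing_combinations(INVENTORY, INVENTORY[:2]))
```

Record the seed and the resulting host list alongside the control evidence so the same sample can be reproduced, and re-run the coverage check whenever the inventory changes: a new terminal model or OS version creates a new combination that an old sample silently misses.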
Want to take payments smarter?
Contact us to learn more about whether your business is practicing PCI compliance.