Are you a small business owner who accepts credit cards? If so, this is something you need to fully understand and be concerned about: if your business is not PCI compliant, it can become very costly to you.
What is PCI?
In this context, PCI is shorthand for the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS is a set of standards developed to protect credit card information during and after the initial transaction. PCI DSS is overseen by the Payment Card Industry Security Standards Council (PCI SSC), which was established in 2006 to help improve the security of credit card transactions.
Why Should I Comply With PCI?
This should be a no-brainer for a small business owner. If cardholder data is compromised and it is determined that the breach was the fault of something your business did, you can be fined, incur penalties, or, worse, lose your right to accept credit cards. By complying with PCI you are letting your customers know you are using secure systems to complete their credit card transactions. You will also reap the benefit of being prepared to comply with other regulations that might come along, such as HIPAA.
What Are the Requirements to be PCI Compliant?
There are six main requirements a business must meet to be considered PCI compliant. They are:
Maintain a secure network: This includes having a firewall set up and changing all passwords from their original defaults.
Protect cardholder data: Make sure that all transmitted data is encrypted if sent over public networks.
Maintain a vulnerability management program: Always ensure you are using secure systems and that you have an updated anti-virus program running.
Ensure strong controls are in place over who has access to cardholder data: All physical access to cardholder information should be restricted.
Continuously monitor and test all networks: Regularly test all processes to ensure every security measure remains in place.
Maintain an Information Security Policy: Have a policy in place that addresses all information security concerns.
Complying with PCI is not a one-time deal; it is an ongoing process. Don’t let all the hard work you put into growing your business fall apart because your customers’ credit card information was not secured. You can get additional information on becoming PCI compliant from the PCI Security Standards Council.