
Keep Hackers Out, Increase Sales:
The Importance Of Being PCI Compliant

Understanding what it means to be PCI compliant is the first step towards becoming compliant. Merchants need to understand which controls are required and why compliance applies to them. It is quite likely that a merchant is required to comply: if the company receives, stores, or processes the Primary Account Number (PAN), the card number printed on the front of a customer's card, then PCI compliance is a necessity. A PAN can be up to 19 digits long (16 is the most common length). The PAN isn't the only piece of information that is protected. Should a merchant also obtain sensitive authentication data such as the CVV or CVC code of a card, that data falls under PCI DSS as well, and unlike the PAN it may never be stored once the transaction has been authorized.

Each merchant level carries its own PCI validation requirements, so a merchant must first determine which level it falls under and which guidelines apply. The card brands also publish their own compliance programs on top of the PCI DSS standard itself. These need to be adhered to as well, or the merchant risks being out of compliance altogether. Some card brands follow the standard PCI practices but add policies of their own, which often favor the cardholder. Complying with the DSS standard but not with a card brand's own program could cause problems later: should issues arise, the merchant may also be subject to an audit by that card brand. This is why it is imperative that the merchant evaluates and assesses its PCI compliance against the card brands' requirements as well as the standard itself.


Among the most common PCI compliance components is the infrastructure of the systems that store and process cardholder data. As the case of Chase this past holiday season shows, PCI security is not just the problem of those who collect and store this information. Following the breach of the Target retail chain, in which tens of millions of customers' card records were accessed, Chase issued warnings to merchants. The warning stated that they would have to become fully PCI compliant to Chase's standards if they wanted to continue accepting Chase credit and debit cards.

Accordingly, merchants and service providers are expected to run an infrastructure that meets the Payment Card Industry Data Security Standard (PCI DSS). The standard documents, in writing, the procedures and requirements that apply when accepting, storing, or accessing payment card information. Among the areas it covers are firewalls, access control, data encryption, and the ongoing security measures to be taken.

Firewalls

All PCI compliant merchants must install and maintain a firewall configuration that protects cardholder data. The firewall is the first line of defense against hackers and anyone else who wishes to steal privileged information from the system. It should protect not only stored information but also data in transit, by restricting inbound and outbound traffic to what the cardholder data environment actually needs.

System Defaults

Most merchant card-payment systems are supplied by a vendor that provides everything from the point-of-sale software to the card readers. These systems usually ship in a default configuration meant to streamline installation and maintenance. Because the same defaults are shared by every other system of the same model, they make an easy target: attackers know the vendor defaults as well as the vendor does. Merchants should change vendor-supplied passwords and set security parameters that are unique to their own system. Only authorized personnel should be allowed to access these systems to make changes.

Data Protection

The protection of cardholder data should go without saying, yet while many companies and merchants do their best to protect this data, it often slips through the cracks. Hackers and identity thieves are constantly looking for ways to infiltrate a system, so maintaining compliance means staying one step ahead of them. Stored data such as card numbers and purchase records should be kept only as long as it is needed to serve the customer, namely for a possible refund to the card or for verifying the purchase. Beyond that, the information should not be stored at all, and where the full card number is not needed it should be kept truncated or masked rather than in full.

Encryption

With networked payment systems now the norm, ensuring that information is protected in transit has never been more important. The reality is that this data can be intercepted at any point once it has left the internal network. In short, when a customer uses a debit card to buy something as small as a snack at a convenience store, that data leaves the store's infrastructure to reach the issuing bank's network. It must be encrypted with strong cryptography so that only the sending and receiving parties can read it.

Proficient Security Suite

Aside from the firewall, installing a sufficient security suite not only on network servers but also on end-user workstations provides greater protection for the data moving through the system. Many of the tools used to breach a system take the form of malware and programs that hide themselves within the system and can go undetected. Keeping anti-virus and security software up to date helps detect these programs.

Maintenance and Security

Having a dedicated team of system engineers ready to continually maintain and operate the system is an ideal way to ensure that it remains compliant. It is the job of these professionals to make certain that the systems in place are secure and properly maintained; many are specifically trained and experienced in PCI compliance. Keeping the system maintained and up to date keeps the intrusion rate low and the system's protections intact. Part of this maintenance is account administration: administrators should grant access only to those who need it and are trusted, which could include managers and executives. All employees with access to the system should be aware of the network policies that apply not only to them but to the company and to PCI compliance as a whole. Monitoring should be in place and violations of these policies strictly enforced.

Keeping Data Restricted

Merchants need to keep cardholder data on a need-to-know basis, including at payment and checkout. In most cases, the full card details are not needed by the people handling a swipe or a payment registration: only the authorization result matters. The full card number does not need to be displayed, and where a number is shown it should be masked to at most the first six and last four digits. From the merchant's point of view, the card is either accepted for payment or it isn't. Should a card be declined, the reason is between the customer and their issuer.
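The following Python code is an added example, not part of the original article and not Trust Guard's own tooling. It shows the two practices above in working form: masking a PAN for display to the first six and last four digits, and scanning log lines for full card numbers that should never have been written (debug output is one of the most common ways cardholder data ends up stored where nobody intended). The Luhn mod-10 check filters out ordinary numbers such as order IDs and timestamps that happen to be 13 to 19 digits long. The card numbers are well-known test numbers, not real accounts, and the log lines are constructed for the example.

```python
"""Added example: PAN masking and a scan for unmasked PANs in log text.

Not part of the original article. Card numbers below are well-known
test numbers, and the log lines are constructed for the example.
"""
from __future__ import annotations

import re

# A PAN is 13 to 19 digits, possibly written in groups separated by
# spaces or dashes. The lookarounds stop us matching inside longer runs.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """True if `digits` is 13-19 numerals passing the Luhn mod-10 check."""
    if not digits.isdigit() or not 13 <= len(digits) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Mask a PAN for display: keep at most the first six and last four digits.

    Separators are stripped first so "4111 1111 1111 1111" and
    "4111111111111111" mask identically.
    """
    digits = re.sub(r"\D", "", pan)
    if not luhn_valid(digits):
        raise ValueError("not a valid PAN")
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_unmasked_pans(text: str) -> list[str]:
    """Return every Luhn-valid PAN (digits only) found in `text`."""
    hits = []
    for match in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"\D", "", match.group())
        if luhn_valid(digits):
            hits.append(digits)
    return hits


def scan_log(lines: list[str]) -> list[tuple[int, str]]:
    """Return (line_number, masked_pan) for every full PAN found in the log.

    The PAN is masked in the result so that the report itself does not
    become another copy of cardholder data.
    """
    findings = []
    for lineno, line in enumerate(lines, start=1):
        for pan in find_unmasked_pans(line):
            findings.append((lineno, mask_pan(pan)))
    return findings


# Constructed sample log: line 1 is how a PAN should appear, line 2 is the
# kind of debug output that creates a compliance failure, line 3 is a
# 14-digit timestamp that must not be reported as a card number.
SAMPLE_LOG = [
    "pos01 auth ok pan=411111******1111 amount=4.99",
    "pos02 ERROR gateway timeout, retry pan=4111 1111 1111 1111 cvv=123",
    "pos03 batch 20240115120000 settled 212 transactions",
]

if __name__ == "__main__":
    print(mask_pan("5555555555554444"))
    for lineno, masked in scan_log(SAMPLE_LOG):
        print(f"line {lineno}: full PAN logged ({masked})")
```

Run against the sample log, only line 2 is reported; the masked PAN on line 1 never reaches 13 consecutive digits, and the timestamp on line 3 fails the Luhn check. In a real deployment the same scan would run over application logs, database dumps, and ticketing systems, since PCI DSS applies wherever the PAN ends up, not only in the payment database.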

Use Only Trusted Scanning Vendors

A trusted scanning vendor will assess the network by running security checks against it from the outside. The purpose of the scan is to identify vulnerabilities and potential leaks before an attacker does. PCI DSS requires these external vulnerability scans at least quarterly, performed by an Approved Scanning Vendor (ASV), and again after any significant change to the network.

One of the most common problems with PCI compliance is that many companies only remain compliant long enough to pass a review or a system audit. This practice is dangerous and could jeopardize the system as a whole. Maintaining compliance is a job that should be conducted regularly and reviewed continually. This may seem costly, but rest assured that it is far more costly should a class-action lawsuit or federal investigation find its way to a merchant's doorstep because proper compliance protocols were not being exercised.

How Trust Guard Helps You To Become PCI Compliant And Increase Sales


Scan For Threats

Trust Guard scans your site for vulnerabilities.


Fix Problems To Keep Hackers Out

If we find a security hole, we let you know so you can fix it and go about your business without the stress of pesky hackers.


Increase Sales

Ride the wave of winning! Our seal of approval, the Trust Seal, shines like a beacon of awesome and it increases your sales! That's right! Being secure makes you rich (ish)! Plus! Our scans help you meet the PCI Compliance scanning requirements! Everyone wins!

Our Team: Meet the People Who Drive Our Success

“A company’s employees are its greatest asset and your people are your product.”

-Richard Branson


Co-Founder, Dave Brandley

Co-founder, eCommerce & website security expert, PCI Compliance ninja, father, innovator, lover of fun & all things internet. Loves traveling. Favorite destination? The Philippines.

Co-Founder, Scott Brandley

Co-founder, father, son, security pro, lover of baking, shaking, and security making.

CMO, Todd Brandley

Father, husband, son, soldier, medic, lover of the outdoors, wife, family and work. Loves people and helping businesses reach their maximum potential. He's kind of a big deal (and the nicest guy ever).

Web Developer/Programmer, James Wales

Web developer and developer of awesome in general. Lover of travel, family, sunshine, and skipping rope at the boxing gym. He moves like a butterfly and stings like a bee.

Office Manager, Joy Boothe

Blogger, wife, writer, lover of social media, the internet, knowledge, etc.

Tech Support, Tiffany Hunt

Loves helping others and figuring out solutions to our customers' problems. She likes long walks on the beach, security scanning, and unicorns.

Office Assistant, Shayne Murphy

Father, faithful employee, lover of sports, kids, life, and Twitter.

Epic Earnie

eCommerce and security can be heavy and that’s why we have Earnie. Earnie helps lighten the mood around here. He likes power smoothies and playing the violin, stopping cyber criminals, and illustrating the proper use of Twitter and SEO.
