Pci Compliance And What It Means For Your Online Business
Payment Card Industry Data Security Standards
, or PCI, have been buzzed about recently since more and more merchants are popping up online, but it is nothing new. The organization was formed in 2006 by major credit card companies like Visa, Mastercard and Discover, to name a few. This coalition was created to ensure that any and all merchants who process, store or transmit credit card information adhere to a standard of security for its customers. ATAK Interactive, Inc. shares some tips on how you can ensure your online business meets PCI standards and provides a safe shopping environment for your customers.
Business levels and where yours fits
PCI compliance standards depend on which level your business is rated. The levels, ranging from 1 through 4, are based on Visa transaction volume within the last 12 months, inclusive of credit, debit and pre-paid transactions. Most small to medium business owners will fall into Level 4, which is described as any merchant who processes less than 20,000 Visa transactions per year. Keep in mind that most Level 4 merchants will have to comply with the guidelines set by their merchant bank.
There are 12 basic PCI DSS requirements for any merchant. Here is the list:
1. Install and maintain a firewall configuration to protect cardholder data.
2. Do not use vendor-supplied defaults for system passwords and other security parameters.
3. Protect stored cardholder data.
4. Encrypt transmission of cardholder data across open networks.
5. Use and regularly update anti-virus software.
6. Develop and maintain secure systems and applications.
7. Restrict access to cardholder data by business need-to-know.
8. Assign a unique ID to each person with computer access.
9. Restrict physical access to cardholder data.
10. Track and monitor all access to network resources and cardholder data.
11. Regularly test security systems and processes.
12. Maintain a policy that addresses information security.
Tips and general information on PCI compliance
The golden rule of PCI compliance is non-storage of information. This consists of sensitive authentication data, including contents of the magnetic strip, pin or CCV numbers, etc. and any cardholder data such as the name or expiration date. It is PCI compliant to store cardholder data if certain isolation and security measures are performed, but unless you absolutely need this information its best to do without it. If you use a POS (point of sale) system, your vendor will be the best source of information. Ask your vendor if the POS is validated to the Payment Application Data Security standards, if the software stores any customer information, and (unless you already know the answer from initial installation), whether you need to install a firewall or other security measures to ensure system protection.
Where do I start?
No merchant wants to be subject to loss of trust from their customers, fines and even litigation because of unsecure payments. Here are some steps you can take to make sure your businessand your customeris safe.
1. Complete the Self-Assessment Questionnaire, or SAQ, produced by the PCI Standards Security Council. There are different questionnaires for various types of card transactions, but most online businesses will use only SAQ A, which is for Card-not-present transactions where you never come face-to-face with the customer. The SAQ can help you identify areas where you may need to improve your transaction security practices.
2. Seek help from professionals. The PCI Standards Security Council has an approved list of vendors that you can hire to evaluate the security of your system. Most small businesses will likely utilize a Payment Application Qualified Security Assessor (PA-QSA) to analyze their payment processes.
You can find all qualified professionals here:
https://www.pcisecuritystandards.org/approved_companies_providers/index.php
3. Ensure that any third parties that you work with are PCI compliant. Be aware that you can be liable for any third parties involved with your business.
Being certain that your e-commerce business is PCI compliant can save time, money and anxiety in the long run. ATAK Interactive, Inc. is dedicated to making your business safe, and will only recommend e-commerce merchants who practice PCI compliance to its clients. Its an extra step to keep you protected in todays virtual world.
by: Josh Goodman
Google Optimization Leads To Growth And Expansion In Your Business Instructions Need To Consider For Selling A Business Understanding The Importance Of Business Logo Design Dynamism Advantages Of Foreign Direct Investment For Business And Society Serviced Offices Manchester To Help Maximize Your Business Productivity With Poly Bags Packaging Give Your Business At Los Angeles A Competitive Advantage Selling Your Business? Consider Hiring A Business Broker Modify Banbe.net From Personal Social Network Into Business Social Network How Would Business Insurance Help Us? Are Business Continuity Consultants Needed? Groupon, Clones And Small Businesses Improving Your Business Through Seo Services Get The Perfect Ecommerce Solution For Your Business