Being Payment Card Industry (PCI) compliant is important for your business. It means you store customer credit card data in a secure, hosted environment.
This protects you from having your systems hacked by those looking for financial data (you won’t have it!) and shields you from liability if data does get leaked (your hosted provider takes responsibility for keeping that data safe).
PCI Compliance is a worldwide security standard set by credit card industry players to ensure that businesses process card payments without fraud. By becoming PCI compliant, you are essentially assuring that your customer's credit card data will be hosted in a secure environment.
PCI Compliance is administered by the PCI Security Standards Council and application to become PCI compliant is completed through a bank. Any company accepting credit card payments must adhere to PCI compliance. If you are thinking about accepting credit cards for your business here are a few tips that will make your journey to PCI Compliance easier.
1) Don't Store Credit Card Information on Your Own
It's not worth it! Sensitive cardholder information includes credit card numbers, expiry dates, security code (CVV) and mag-stripe data. If you need to keep your customers' billing information on file to bill them later, we have great tools including our secure credit card vault that lets you use the card anytime while transferring the security liability over to us.
2) Have a Good Password Policy
Get in the habit of changing your passwords every 30 days and using complicated passwords with letters, numbers and special characters (sentences are even better!). While having so many complex passwords can seem daunting, there are free open-source programs like KeePass.info that can store your passwords and generate new ones on the fly.
3) Use a Hosted Payment Page
Over the years, customers have gotten used to leaving the merchant website to enter their credit card information. Some customers even expect it. By removing the credit card entry from your website and using a secure hosted payment page, you reduce your liability and scope of compliance.
4) Get Antivirus and Firewall Software
Having up-to-date anti-virus software on your computer is a must, but merchants should also consider a good software firewall (a popular option is ESET's SmartSecurity). Wouldn't you like to know every time a new program is trying to send data out of your computer
5) Use a Separate Network
If you are using a Virtual Terminal or an Internet-based terminal, part of the PCI compliance standard is to have a separation of the network. Sounds complicated? It can be as easy as getting a separate wired router for your office. This is a great and very cheap way of increasing your security. Use the diagram below as a reference.
The Importance of Compliance
PCI is an important standard to comply with if your company accepts credit card payments. It protects you from the legal liability of losing sensitive information in the chance of a data breach. By adhering to these five best-practices, your business’s journey to PCI compliance will run more smoothly.