I’ve talked a lot about PCI Compliance on this blog, primarily because it impacts all of our customers’ monthly processing statements.
Merchants are charged an extra monthly fee for every month they do not complete their PCI Compliance requirements for keeping customer data secure.
Once a year, your business is required to complete a questionnaire from your processor. If you don’t complete the questionnaire or you are not keeping sensitive payment information PCI compliant, you’ll receive a monthly non-compliance fee until you complete the questionnaire.
If you want to read more about the questionnaire and how to answer the questions, you can read more here. However, there are some pretty simple rules to follow to become PCI compliant.
There are some pretty easy steps you can follow to get and keep your business ready for the questionnaire. Here are three quick steps you can take when evaluating your business to ensure private information is safe and secure.
It’s never good practice to run your payment processing or point-of-sale system on an open Wi-Fi or wired network. Keep the payment network behind its own firewall and on its own router, segmented from other networks such as the guest Wi-Fi.
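To make the segmentation advice above concrete, here is an added example (not from the original post or from any processor's own setup) of a minimal nftables ruleset for a small router that keeps the point-of-sale segment isolated from the guest Wi-Fi. The interface names, subnets and port choices are assumptions for illustration; your router's interfaces and your processor's actual connectivity requirements will differ.

```nftables
# Added example: POS / guest Wi-Fi segmentation on a small Linux router.
# Interface names and subnets below are assumptions, not values from the post.
flush ruleset

define pos_if    = "eth1"           # assumed: wired POS / card-reader segment
define guest_if  = "wlan0"          # assumed: guest Wi-Fi segment
define wan_if    = "eth0"           # assumed: uplink to the internet
define pos_net   = 192.168.10.0/24  # assumed POS subnet
define guest_net = 192.168.20.0/24  # assumed guest subnet

table inet pos_segmentation {
    chain forward {
        # Default-deny: anything not explicitly allowed between segments is dropped.
        type filter hook forward priority 0; policy drop;

        # Return traffic for connections the router has already accepted.
        ct state established,related accept

        # Guest devices may reach the internet only; they never reach the POS segment.
        iifname $guest_if oifname $wan_if ip saddr $guest_net accept
        iifname $guest_if oifname $pos_if log prefix "guest-to-pos-blocked " drop

        # POS devices need DNS, NTP and HTTPS to the processor; nothing toward guests.
        iifname $pos_if oifname $wan_if ip saddr $pos_net udp dport { 53, 123 } accept
        iifname $pos_if oifname $wan_if ip saddr $pos_net tcp dport 443 accept
        iifname $pos_if oifname $guest_if log prefix "pos-to-guest-blocked " drop

        # Unsolicited inbound from the WAN to either segment falls to the drop policy.
    }
}
```

The two logged drop rules are the detection hook: a guest device probing the POS subnet, or a POS device unexpectedly talking to the guest network, shows up in the router's kernel log with those prefixes, which is worth reviewing when you fill in the annual questionnaire. If your card readers use a protocol other than HTTPS, add that port to the POS allow rule rather than widening the rule to "accept everything".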
As a merchant, you are responsible for keeping your staff compliant when it comes to keeping customer card data safe. Work closely with your employees to craft a plan that gives everyone an equal part in protecting cardholder data.
Mobile card readers like PayAnywhere and Phone Swipe are popular and offer a great solution for a business that travels or needs portable terminals for trade shows.
The PCI Compliance Council has published security guidelines for securing mobile payment solutions you use with your smartphones or tablets.
Here’s the highlight of their requirements:
“Your mobile payment solution thus requires additional technology, including encryption, to secure cardholder data acceptance. The first part of a secure mobile payment solution is an approved “point of interaction,” which is the technical term for an approved PIN entry device (PED) or approved secure card reader (SCR) used to capture and encrypt cardholder data for a transaction” (PCI Security Standards).
From data encryption and tokenization to fraud prevention, protecting you and your customers is the top priority. On top of encryption, you should also ensure your mobile devices and tablet readers are kept safe and are secured from theft, unauthorized use, or malware.
While there are steps your business can take to make sure it is taking payments securely, it's best to talk to someone knowledgeable. When you actually receive the PCI questionnaire once a year, some of the questions are written in industry jargon that's bound to make you scratch your head in confusion.
Remember, answering incorrectly through misunderstanding could cost your business a monthly fee on your statement for having weak security. Talk to your payment processing company and they will counsel your business on becoming PCI Compliant.
Contact us here to learn more about practicing good PCI Compliance standards.