3 Ways to Maintain Security After You’re PCI Compliant


This guest post is by Ellen Cunningham, CardFellow.com

Any business that takes credit cards is required to adhere to a set of standards, known as PCI. Achieving PCI compliance is a process with different steps depending on how you take credit cards and the size of your business, among other factors. Your credit card processor or independent security experts can help you achieve PCI compliance. However, a common misconception is that once you’re PCI compliant, you’re all set and don’t need to do anything else. The truth is, PCI compliance is an ongoing commitment, and you’ll need to verify it every year through a PCI questionnaire.

If you’ve already achieved PCI compliance once, you’re ahead of the game. You know what it entails, and staying compliant will just be a matter of continuing the good practices you’ve put into place. Yet, by some estimates, four out of five companies don’t pass compliance checks during the year after compliance because they fail to maintain security protocols that meet or exceed the PCI standards.

Let’s take a look at 3 of the most important things to do to stay secure once you’ve achieved PCI compliance.

Maintain Firewalls

Configuring and maintaining firewalls is a crucial component of achieving PCI compliance and staying secure. Firewalls help keep unauthorized intruders out of your network by blocking traffic that doesn’t meet your security criteria. Proper use of firewalls can significantly increase your security, while neglecting them opens you up to hackers and other potential scammers.

Don’t Neglect Anti-Virus Updates

Anti-virus software is a crucial component of maintaining security at your business. Viruses and malware give thieves and scammers opportunities to gain access to your systems, which is why anti-virus software is a requirement. Be sure that you keep it up to date and turned on so that it can protect against these types of attacks. Often, businesses neglect to update their software, leaving them vulnerable to new types of viruses or malware that would have been stopped had the software been current.

Manage Access

“Managing access” has several components: restricting access to data to only those employees who need it, securing physical access to data, and authenticating access.

Securing physical access to data is an easy one to overlook, but is just as important. POS systems, terminals, and other equipment should be secured away from customers and accessible only to authorized staff.

Restricting access to only authorized employees means that employees are only given access to the functions they need for their jobs.

Authenticating access refers to making sure that the user accessing the data is who they say they are. One common way authentication fails is when employees share accounts, ringing in sales or orders under a single umbrella account. That makes it difficult or impossible to trace the source of a security or data breach back to an individual.

PCI compliance is an ongoing commitment, but it’s in your best interest to ensure that you’re compliant at all times, not just at your yearly evaluation. Otherwise, you may find yourself facing PCI non-compliance fees.


If you need help achieving PCI compliance or have questions about staying PCI compliant, contact your processor for assistance.
