PCI Compliance still lagging in 2017
If we learn anything from 2017, it should be that nothing is safe. I was recently reading a great article about PCI compliance and it got me thinking. Why? Why are we so sure it couldn't happen to us? Right now, the 2017 Payment Security Report Executive Summary from Verizon states: "For the first time, more than half (55.4%) of companies we assessed were fully compliant at interim validation, compared to 48.4% in 2015. But that means that nearly half of stores, hotels, restaurants, practices and other businesses that take card payments are still failing to maintain compliance from year to year." That leaves almost half still not PCI compliant, and a potential hazard to you and your personal and business information.
Now, for those of you who don't know what this is: PCI DSS is the Payment Card Industry Data Security Standard. It is the set of standards that any entity accepting your card as payment should follow to ensure your information is not at risk. Think of them as the doors and windows of your home. If you lock all the doors and windows, it is much harder for someone to get in. Leave something open and you are creating the opportunity for something bad to happen. But we live in different times. When I was young, my parents never locked their doors. Could you imagine leaving your doors and windows open today?
As a responsible business owner you are charged with keeping your (and your customers') information safe. This means you need to take certain precautions to ensure the information you collect (including names, addresses, credit card information, Social Security numbers, etc.) is safe from attacks, both online and physical. You must train every employee who handles this material. No, it is not hazardous waste, but put the shoe on the other foot and imagine someone dumping your credit card number and name into the dumpster behind the store you just walked out of without thinking twice. Three weeks later there is a big-screen purchase and a trip to Fargo that you did not authorize. Yes, it happens just like that.
Standards have been set for a reason: not to make it hard to do business, but to make it harder to gain access to vital information that can cause a lifetime of grief. Let us not forget that Equifax put a lot of us at risk for the foreseeable future. The data of roughly 145.5 million people was proverbially left in a dumpster for anyone to do with as they like, and the ramifications will likely be felt for years to come. And that's just one example.
So, are you PCI DSS compliant? Are you taking the steps necessary to become compliant? Did you know that you can be held responsible if you fail to take the necessary precautions and a breach happens?
If your business relies on credit cards for payment, you have had to complete a PCI compliance questionnaire (the Self-Assessment Questionnaire, or SAQ). And more than likely you will have more red marks on your first attempt than a third grader in English class. But fear not, it doesn't have to be hard. In fact, here are a few simple things you can do to get started.
Install and maintain a firewall
Do not use vendor-supplied defaults for system passwords or other security settings (admin is not a secure password)
Close every port and disable every service that is not needed for business (this will require conflicts with equipment and software to be resolved)
Protect stored cardholder information (lock up receipts in a safe, and never keep full card numbers or card security codes that you do not need)
Keep antivirus software up to date
Assign a unique ID to each person with computer access
Track and monitor all access to network resources and cardholder data
Regularly test security systems
Maintain a security policy and ensure that all personnel are aware of it
If you need more information or help becoming PCI compliant I can be reached at [email protected]
Source: 2017 Payment Security Report Executive Summary from Verizon