PCI Compliance

Is your Business PCI Compliant?

It has been talked about for a long time, and it now seems mandatory PCI compliance’s time has finally come… and it will affect many small merchants.

The Question is: ‘Is your Business PCI Compliant?’

According to an article on Ecommerce Guide, beginning October 1, 2009, many small merchants will begin receiving notices from Visa that they can no longer accept credit cards unless they have taken steps towards achieving PCI compliance. The chances are that if you use a Merchant Account linked with a bank, you have already received a letter asking you to verify your PCI Compliancy and to describe your processes for collecting Credit Card Information and where this information is stored.

If this information is not supplied, or you cannot prove that you have taken the necessary steps to ensure that your business is PCI Compliant, your Merchant Account may be suspended until your processes are rectified.

What is PCI Compliance?

‘PCI compliance is a set of security standards designed to protect sensitive information during any credit card transaction’.

In general, PCI Compliance refers to the storage of Credit Card Details where customers have purchased products or services from you via the internet, telephone sales or any other form of communication where you receive this information. It’s not about the way this information is gathered, but what you do with this information.

For instance, if you receive a payment via credit card from the Internet, Credit Card Information is stored in a database. Like any form of storage, these databases can have vulnerabilities, and the information could possibly be captured by Third Parties who shouldn’t be able to access the information. PCI Compliance requires that this information is Encrypted, so that if the security of the database is compromised the information gathered is unrecognisable. Don’t think that just because you’re not Amazon or Virgin you don’t need to take PCI Compliance seriously. PCI Compliance is required from the largest organisations to the smallest if they sell, or accept credit card transactions, online. There is no getting away from it.

What Happens if my Business is not PCI Compliant?

Merchants who do not implement a PCI compliance program but somehow still manage to process transactions may face massive fines from the card company in a situation where security is breached; enough to send most small merchants to the wall.

What Can I do to ensure that My Business is PCI Compliant?

The first thing is to assess your processes and procedures. Is Credit Card Information being stored on Web Servers? Is unencrypted credit card data being backed up onto local servers? Do you use desktop software and locally based servers to process Credit Card Transactions?

If you have answered yes to any of the questions above, or indeed all of them, then the chances are that you will need to assess your PCI Compliance.

OK, But my Business uses a 3rd Party Online Merchant Service to Process Credit Cards

Whilst these 3rd Party Online Merchants are PCI Compliant, you still need to ensure that the way Credit Card Information is collected via your business meets the PCI Compliance Requirements. How is information within your business stored? What processes are in place for electronic intrusion detection? Who has access to private and personal customer information? What encryption is used, and to what level is personal data encrypted?

I think I need to Talk to Someone

Digital Pathways can provide your business with a comprehensive PCI Compliance Review, Totally FREE of charge. If we find that your business does not meet current PCI Compliance Requirements, we will provide you with a full report of the issues that require attention to satisfy PCI Compliance, along with a 30 Day Free Trial of our products that are necessary to make your business PCI Compliant. Once your Business is PCI Compliant, we will carry out a quarterly PCI Compliance Scan to ensure there are no Vulnerabilities within your Business Network or Processes. We will also provide a Yearly Self Assessment PCI Compliance Questionnaire, making sure that Processes, Actions and Procedures that may have been changed meet the PCI Compliance Requirements.

What do I do Next?

Call us on 0844 586. We will review your Businesses PCI

October is just around the corner, so if you aren’t PCI compliant already, don’t put it off for much longer, as it can take a little while to get through the process.
