Does your business process card payment securely? – Part 4


If you do, make sure your business is PCI compliant!

Customer paying staff member at cafe with card.

Understanding the Payment Card Industry

If your business accepts, processes, transmits or stores cardholder data, then you’re required to comply with the Payment Card Industry Data Security Standards (PCI DSS). Meeting these standards will ensure you protect your customers’ information.

What are the Payment Card Industry Data Security Standards?

PCI DSS are a set of requirements that make it easier for you to ensure your customers’ card information is always secure.

These standards include how you:

  • take a payment online
  • handle a card number read to you over the phone
  • handle a card number received in a letter or email.

As a business owner, it is important to understand these standards and apply security controls in your business to prevent a security breach.

Who must comply?

All Australian businesses that accept card payments need to be PCI compliant, regardless of business size. You can’t be partially compliant. The level of compliance your business needs to show will depend on how many card payments you process each year.

Benefits of being PCI compliant

Having a strong, up-to-date security plan in place is not only good for your business, but also for your peace of mind.

Ensuring you follow the PCI DSS in your business will:

  • reassure your potential customers that their card details are secure when they make card payments to you
  • maintain customers’ trust in your business, which enhances your business’ reputation
  • show your ongoing commitment to improve the shopping experience for your customers and a genuine desire to protect their data
  • prevent others from accessing your payment system networks and stealing cardholder data.

If your customers are confident their security is protected when doing business with you, it will increase customer loyalty to your business and drive repeat sales!

Payment Card Industry Data Security Standards – 12 Key Requirements

The PCI DSS are broken up into 6 groups that represent security best practices:

1. Build and maintain a secure network

  • Use a firewall on your network and PCs to protect cardholder data.
  • Change default passwords on hardware and software.

2. Protect cardholder data

  • Put together strategies to protect any cardholder data you store.
  • Make sure the data is encrypted if it’s being transmitted across open, public networks, or being used for authentication.

3. Maintain a vulnerability management program

  • Make sure that all software you use is kept up to date, including your anti-virus software, and that new versions or updates are installed to address vulnerabilities.
  • Develop and maintain secure connections and secure systems.

4. Implement strong access control measures

  • Only allow access to cardholder data when it’s required.
  • Always provide employees with their own unique login credentials (user name and password) to core systems.
  • Restrict physical access to cardholder data. Do not store any sensitive cardholder data on your computer or on paper.

5. Regularly monitor and test networks

  • Track and monitor all access to your network resources and cardholder data.
  • Regularly test security systems and processes.

6. Maintain an Information Security Policy

  • Maintain a policy that addresses information security.
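A practical check behind requirements 2 and 4 (know where cardholder data is stored, and don’t keep it where it shouldn’t be) is to scan your own exports and logs for card numbers before an auditor or an attacker does. The following Python script is an added example and not part of this article: it finds Luhn-valid card numbers in constructed sample log lines, ignores look-alike digit strings such as order numbers, and masks anything it finds to the last four digits so the report itself does not become stored cardholder data.

```python
import re

# Constructed sample log lines (not real customer data): one order number that
# merely looks like a card number, two well-known test card numbers, one phone.
SAMPLE_LINES = [
    "2024-05-01 10:02:13 order=1234567890123456 customer=jane@example.com",
    "2024-05-01 10:02:14 card=4111 1111 1111 1111 exp=12/26 amount=45.00",
    "2024-05-01 10:05:40 phone=0412345678 note=call back re refund",
    "2024-05-01 10:07:02 card=5555-5555-5555-4444 amount=12.50",
]

# A run of 13 to 19 digits, optionally separated by spaces or dashes, that is
# not embedded in a longer run of digits.
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers; rejects most look-alikes."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep only the last four digits, a common PCI DSS masking format."""
    return "*" * (len(pan) - 4) + pan[-4:]


def redact(line: str) -> str:
    """Return the line with every Luhn-valid card number masked."""
    def _sub(m: re.Match) -> str:
        digits = re.sub(r"[ -]", "", m.group())
        return mask_pan(digits) if luhn_ok(digits) else m.group()
    return CANDIDATE.sub(_sub, line)


def scan_lines(lines) -> list:
    """Report (line number, masked card number) for each card number found."""
    findings = []
    for n, line in enumerate(lines, start=1):
        for m in CANDIDATE.finditer(line):
            digits = re.sub(r"[ -]", "", m.group())
            if luhn_ok(digits):
                findings.append((n, mask_pan(digits)))
    return findings


if __name__ == "__main__":
    for n, masked in scan_lines(SAMPLE_LINES):
        print(f"line {n}: cardholder data found, masked as {masked}")
```

Run it over real log or export files with `scan_lines(open(path).read().splitlines())`; any hit means card data is being stored somewhere it should not be and needs to be removed from that system, not just masked.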
