Protecting your Customers

You are opening your own business, or your existing business is starting to accept credit cards to make purchases more convenient for customers. What steps will you take to earn your customers' trust that their credit card data are secure and remain confidential?

PCI Data Security Standards

First, any business that accepts credit cards must understand that it falls within the scope of the Payment Card Industry Security Standards Council (PCI SSC) and the standards it publishes.

The size of your business and the way it processes payments determine the specific compliance requirements; usually your acquiring bank or the payment brand advises which PCI Data Security Standard (PCI DSS) validation applies to you. Enforcement of merchant compliance is not managed by the PCI SSC itself but by the individual payment brands. Your bank may also require annual completion of a Self-Assessment Questionnaire (SAQ). The key takeaway is that the business, not the bank or the council, is responsible for meeting and maintaining all aspects of PCI compliance.

Annual Testing – There are common areas where businesses fail to comply with PCI DSS. The first is annual penetration testing by a qualified tester, which must cover both the network layer and the application layer. This testing must also be repeated after any significant change to your network environment. Note that the updated PCI DSS penetration testing requirements stopped being optional best practice and became mandatory on June 30, 2015.

Quarterly Scanning – At least quarterly, and after any significant internal or external network change, you must run a vulnerability scan, fix the gaps it identifies, and re-scan until a clean result is obtained. External scans must be performed by a PCI SSC Approved Scanning Vendor (ASV). Record keeping is required throughout: your business must retain the results of every scan and re-scan, and be able to show four consecutive passing quarterly scans for the prior year.

Implement Patches Promptly – Critical security patches must be installed within one month of their release. Vendor-supplied patches need coordination and testing and can be time-consuming, but closing known gaps with patches is a basic security control, and unpatched systems are a common source of breaches. To help your business manage this, consider automated configuration management software such as that provided in Singular Security's SingularReady services.

Ongoing Compliance – Treat compliance as an ongoing process rather than an annual event. Continuous compliance testing and monitoring will help your business maintain a robust compliance program. Remember, too, that compliance does not involve only your company: check the compliance status of your current payment processing provider and of any third-party vendors that handle cardholder data on your behalf.

In addition to adhering to the PCI standards, business owners should consider the following steps to safeguard their customers' credit card data.

Other Considerations – If your business stores customer credit card data, you must take extra steps to safeguard it. The primary account number (PAN) must be rendered unreadable wherever it is stored, for example by strong encryption, truncation or tokenization, and the encryption keys must be managed and stored separately from the encrypted data. Sensitive authentication data (the full magnetic stripe or chip data, the card verification code and PINs) must never be retained after authorization. Back the data up regularly, and only by secure methods that keep the backups encrypted as well.
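As an added illustration of the encrypted-storage point above (example code written for this page, not Singular Security's product or any PCI SSC reference implementation), the following Go program shows what a stored card record can look like when the PAN is kept only as AES-256-GCM ciphertext alongside a display mask. The key, the key identifier `dek-01`, the record layout and the test PAN `4111111111111111` are all constructed for the example; in production the key would come from a key-management system or HSM rather than being generated in `main`. Using the masked PAN as additional authenticated data is a design choice of this example: it means a ciphertext copied into another customer's row fails to decrypt instead of silently yielding the wrong card.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"strings"
)

// StoredCard is the shape of a database row: the PAN exists only as AES-GCM
// ciphertext plus a display mask; the key itself is never in the row.
type StoredCard struct {
	KeyID      string // which data-encrypting key was used (needed for rotation)
	Nonce      []byte // 96-bit GCM nonce, fresh for every encryption
	Ciphertext []byte // PAN ciphertext with the GCM tag appended
	MaskedPAN  string // first six and last four digits, the most PCI DSS allows on display
}

// MaskPAN replaces everything except the first six and last four digits.
func MaskPAN(pan string) string {
	if len(pan) <= 10 {
		return strings.Repeat("*", len(pan))
	}
	return pan[:6] + strings.Repeat("*", len(pan)-10) + pan[len(pan)-4:]
}

// validPAN accepts 13 to 19 ASCII digits, the length range of card numbers.
func validPAN(pan string) bool {
	if len(pan) < 13 || len(pan) > 19 {
		return false
	}
	for _, c := range pan {
		if c < '0' || c > '9' {
			return false
		}
	}
	return true
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptPAN seals the PAN with AES-256-GCM, binding the ciphertext to the
// masked PAN via additional authenticated data.
func EncryptPAN(keyID string, key []byte, pan string) (StoredCard, error) {
	if !validPAN(pan) {
		return StoredCard{}, errors.New("PAN must be 13-19 digits")
	}
	gcm, err := newGCM(key)
	if err != nil {
		return StoredCard{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return StoredCard{}, err
	}
	masked := MaskPAN(pan)
	ct := gcm.Seal(nil, nonce, []byte(pan), []byte(masked))
	return StoredCard{KeyID: keyID, Nonce: nonce, Ciphertext: ct, MaskedPAN: masked}, nil
}

// DecryptPAN recovers the PAN; it fails if ciphertext, nonce or mask was altered.
func DecryptPAN(key []byte, rec StoredCard) (string, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	pt, err := gcm.Open(nil, rec.Nonce, rec.Ciphertext, []byte(rec.MaskedPAN))
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

// RowLeaksPAN is the check to run over a database dump: is the full PAN in the clear?
func RowLeaksPAN(rec StoredCard, pan string) bool {
	return strings.Contains(rec.MaskedPAN, pan) || strings.Contains(string(rec.Ciphertext), pan)
}

func main() {
	key := []byte("0123456789abcdef0123456789abcdef") // constructed 32-byte key; a real one lives in a KMS/HSM
	pan := "4111111111111111"                        // constructed test PAN, not a real card
	rec, err := EncryptPAN("dek-01", key, pan)
	if err != nil {
		panic(err)
	}
	fmt.Printf("row: key=%s mask=%s ct=%x leaks=%v\n", rec.KeyID, rec.MaskedPAN, rec.Ciphertext, RowLeaksPAN(rec, pan))
	got, err := DecryptPAN(key, rec)
	fmt.Println("round trip ok:", err == nil && got == pan)
	rec.MaskedPAN = "511111******1111" // ciphertext moved under another customer's mask
	_, err = DecryptPAN(key, rec)
	fmt.Println("tampered row rejected:", err != nil)
}
```

Run it with `go run main.go`. The printed row contains only the key identifier, the mask and hex ciphertext, so a dump of that table reveals no full PAN; rotating to a new key means re-encrypting rows whose `KeyID` is the old one.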

Much of PCI DSS concerns the security policies and procedures around handling customer credit card data. Assign each employee a unique ID and PIN so that every sale and refund can be traced to an individual, and train your employees in the proper handling of credit card transactions and in recognising the signs of a potential fraud situation.

These are just some of the main steps you can take as a business to protect your customers' credit card data and to build customer trust and confidence. Singular Security will help your business understand the requirements, manage the compliance program and maintain the ongoing requirements so that you pass your audits. Call (888) 669-1618 to discuss your PCI program with a Singular Security PCI specialist today.

Used with permission from Article Aggregator