PCI Compliance: How to Secure Credit Card Information
The number of data breaches in 2015 nearly doubled those in 2014 in the first eight months of the year. And the trend is only expected to continue.
Outlined below, we disuss how businesses can properly secure data and devices, and maintain Payment Card Industry (PCI) compliance. We also provide necessary steps to take if credit card information has been compromised.
What is PCI Compliance?
PCI compliance is a set of standards established by the payment card industry to ensure businesses maintain the highest level of security when it comes to credit card information. Some requirements that must be enforced to remain compliant, include:
- Install and maintain firewalls.
- Create unique system passwords and passcodes.
- Do not store cardholder data unless it is absolutely necessary.
- Utilize strong encryption transmission data.
- Update malware and anti-virus software on a regular basis.
- Track and monitor access to networks with cardholder data.
PCI compliance helps protect sensitive payment data, preventing hackers from accessing information that could lead to customer and potentially business identity theft.
Educate POS Employees
Proper education of point of sales (POS) employees is vital to ensuring PCI regulations are enforced. A few ways to properly educate your POS employees, include:
- Offer web-based or in-person training upon hire, in addition to annual refresher courses, so employees are up-to-date on PCI standards.
- Require employees to use passwords or passcodes, especially if taking payment equipment outside of your business (i.e. tablets that provide payment options).
- Encourage employees to update systems and anti-virus software on their company computers and devices.
- Provide employees with easy access to PCI compliance requirements, and update them when they change.
How to Avoid Credit Card Information From Being Compromised
In addition to educating POS employees on PCI compliance, provide protection on top of PCI compliance requirements with POS surveillance camera equipment. Monitor register activity, and flag suspicious credit card transactions and employee behavior. Just be sure that any equipment installed on the network is properly secured to prevent hacks.
If you feel your customer or business’ credit card information has been compromised, follow these steps to mitigate damage:
- Notify your bank’s fraud department.
- Contact credit card and check verification companies.
- Report theft to local, and potentially state, law enforcement.
- Review credit card statements to evaluate suspicious activity.
How does your business ensure PCI compliance? Share with us in the comments below.
Image Source: Don Hankins