If your business is obliged to undergo a PCI audit, then following a PCI compliance checklist will ensure that your security processes and payment processing meet the compliance standards. To ensure that you are meeting PCI compliance standards, you'll need to start by looking at what exactly PCI compliant means.
PCI (Payment Card Industry) compliance means that your business operates within the standards set by the industry's governing body, the PCI Security Standards Council (PCI SSC). PCI security is about protecting customers when processing and storing information on transactions carried out using credit or debit cards.
With changes in the way that cards are used, such as online purchases and changes in point-of-sale technology, there have been a growing number of opportunities for credit cards to be compromised. As a result, the need for businesses to remain PCI compliant has become essential in order to safeguard credit card use.
By adhering to the standards set out by the industry, being PCI compliant will reduce the risk of a security breach resulting in the misuse of customers’ data and credit card information.
PCI compliance is required by all merchants — whether large or small — and it includes compliance for online transactions whereby credit card details such as card numbers, expiration dates and other security codes are transmitted online.
The following 12 components form part of the PCI compliance checklist outlined by the PCI Security Standards Council. This checklist aims to establish and maintain a secure network focused on the security of payment card users.
- Install and keep updated a firewall between the public network and the payment card data
- Change vendor-supplied passwords that come with network and payment processing equipment
- Protect any customer data stored for business purposes or regulatory purposes
- Encrypt all transmissions of customer data over any public network
- Maintain antivirus software on all of your computers
- Deploy only secure card processing applications and systems
- Limit access to customer payment data to as few people as possible, on a “need-to-know” basis within your business
- Use building entry authentication, such as visitor and employee badges with identification, to limit access to stored data
- Keep restricted physical access to business computers and customer data
- Regularly test security applications and any PCI security processes that you have in place
- Keep all employees informed about your information security policies
Generally, businesses will implement the necessary security measures to ensure these requirements are adhered to. Carrying out a self-evaluation of PCI security processes will help to ensure that your business is providing a secure environment and protecting customer data effectively.
Maintaining a high level of security is preferable to suffering a security breach and then having to go through the expensive process of re-establishing accounts, not to mention the potential loss of customers if your business caused customer card details to be leaked.
Following the guidelines in the PCI compliance checklist will provide customers with security and peace of mind when dealing with your business. It will also help you to develop appropriate processes and procedures for the handling of card data and customer information.
If you're confused about how to get started with this process, then contracting a qualified assessment firm can help you to pinpoint any areas of improvement in your existing security policies.