How To Stay PCI Compliant
Staying PCI compliant can be frustrating and complicated. But the consequences of not dealing with them can be even worse.
Non-compliance can result in having to pay extra fees, fines, or even possibly getting your account suspended.
How you keep your merchant account PCI compliant depends on the guidelines laid out by your account provider. Make sure you take every step you can to ensure the safety of your customers’ information and your company’s data retention systems.
Luckily, there are some easy ways for you to boost your security and stay compliant. Check below for some simple and useful tips.
1. Delete customer data
There’s no real point in keeping customer payment data unless you’re going to do recurring billing, as keeping everything secure is a complex and costly hassle.
When you use a payment processing system that stores customer information on your computers, you’re going to need to protect it from hackers that could compromise customer accounts.
In order to protect all of the data and ensure you stay compliant, you’ll have to stick to very specific security measures that will take up a lot of your time and resources. This is a VERY costly and cumbersome option. I don’t advise that you do this.
Better, and cheaper, is to get in touch with your account provider and ask them to set up an internet gateway that has a vault feature.
A vault feature allows you to store cardholder data in a secure fashion and it is managed by your merchant account providers’ internet gateway. Furthermore, you don’t have to worry about accidently exposing your customers’ cardholder data to internet thieves.
2. Specific terminals in your POS
You need to make sure you’re using card readers designed with PCI compliance in mind. Look here to view a list of PCI approved devices.
If you have customers and employees swipe cards instead of keying in numbers, for example, these transactions won’t be at as much risk, as you’ll have removed user error from the transaction.
A recent, convenient and secure method for processing credit card payments is by using mobile card-reading apps, provided by companies like RoamData, Paysimple or Square. These apps are required to be PCI compliant on their own, and so long as your Wi-Fi network is secure, this is a great way to safely transfer card data.
3. Test your security regularly
If you feel ready to handle your customers’ card data on your own, talk with your provider and have them run you through everything that needs to get done. They’ll answer any questions and get you started.
Once you’re ready to go, make sure you establish an effective security protocol – including secure card readers as mentioned earlier, as well as antivirus software and complex passwords— and be sure to update and test them often to make sure they’re up to speed.
You might also want to consider setting up a separate network just for retaining customer information; if it’s not in your larger, public network, then only you and your employees will know how to access it, meaning fewer security measures required to stay PCI compliant.
Whether you protect your data yourself or have your provider do it, develop a routine for checking your security’s strength, and your transaction safety will be worry-free.
4. Send reports to your provider consistently
Figure out a schedule for compiling the results and sending this data to your account provider. Doing this will help you make sure you’re staying PCI compliant, and will give them the opportunity to explain what areas need improvement.
The more you communicate with your provider about this aspect of your business, the less you’ll have to worry about accidentally compromising your clients’ credit card information. Those guys know what they’re doing; if there’s anything they think you need to take care of, they’ll say so, and tell you how you can get it done.
Bob Russo, general manager of the PCI Security Standards Council, says “the rule is if you store, process or transmit credit card data you must be compliant with the PCI standards. And that’s a global rule.” If you don’t handle this, you could be facing payments of $15-$25 in non-compliance fees, as well as gaining a bad reputation among customers if any of your information gets hacked.
It sounds scary, but it’s not difficult to deal with. Take action and follow the tips I’ve shown you to make sure your company provides security for your customers.