Decoding PCI

We live, now, in a post-PCI compliance world.

If you are unfamiliar with what PCI compliance is and how it affects your business, please refer to the current requirements and basic information on information security here: www.pcisecuritystandards.org. For far too many, compliance and information security are an afterthought to the purchase of a point-of-sale system. By the time the issue becomes critical, it may well be because of a breach of information that was assumed to be secure. To begin the march to PCI compliance, here are a few tips for your first steps.

Education

The first step, naturally, is to familiarize yourself with the aspects of PCI compliance and understand what it means for your business. At its heart, PCI compliance is the set of security standards and practices that you must implement to ensure that the credit card data you handle is stored and transmitted securely. Because the magnetic stripe on the back of most credit and debit cards is not encrypted, the card companies have placed the onus of responsibility for protecting that unencrypted data on the business owner. The PCI Security website offers further information on the required steps here: https://www.pcisecuritystandards.org/security_standards/index.php. Many of the required steps must be undertaken by the individual in charge of operations: simple things like controlling which personnel can access the room in which the credit card-processing computer is located, or changing a password on that computer. Many others, however, involve the initial set-up.

Verify Approval

First of all, ensure that the point-of-sale system you are purchasing has been approved for compliance, and that any additional software used by technicians to remotely access your location, as well as any credit card processing software, is likewise approved. Beyond making sure that the software you purchase is on the approved list, you must also take care that the operating system used by your equipment is supported. Anything prior to Windows XP is no longer supported, and XP itself is only scheduled for acceptance for the next couple of years.

Illegal access to and theft of credit card and personal data is currently on the downswing overall, though the retail sector still shows higher numbers in that regard. By familiarizing yourself with the PCI-DSS standards and asking some tough questions of your software and hardware vendors, you can begin the journey to compliance with confidence.