We are inching toward becoming a cashless society. In fact, 60% of transactions are now made with a credit or debit card. Pair that with services like Apple Pay, PayPal and Google Wallet, and paper money is likely to continue to decrease in popularity.
That means your retail business relies on these digital payment methods to stay afloat. It also means you are at the mercy of PCI regulations that protect customer data.
Of course, processing the influx of these noncash payments often requires the help of a data center. That’s why it is so invaluable to understand the Payment Card Industry Data Security Standard’s (PCI DSS’) requirements.
Here is a brief look at the basic requirements and importance of PCI in the retail data center:
UNDERSTANDING PCI DSS
Payments that happen online or processed digitally, are subject to The Payment Card Industry Data Security Standard—a set of regulations and requirements that were created with the protection of cardholder data in mind. Since 2005, all major credit card companies (Visa, AmEx, Discover, JCB, and MasterCard) have followed the standard set forth by the Payment Card Industry Council.
Any merchant that accepts credit card payments is responsible for following PCI protocol, regardless of size or transaction volume. Still, those that handle a large volume of annual transactions are subject to more compliance checks and audits.
At minimum, to remain compliant, merchants and retailers who process, store or transmit sensitive credit card data must:
- Fill out thorough self-assessment questionnaires. (SAQs)
- Conduct regular security audits.
- Hire an Approved Scanning Vendor (ASV) to assess website and server vulnerability.
Additionally, retail merchants need to comply with 12 separate requirements in six individual categories. The NDB Advisory maps out these PCI standards:
BUILD AND MAINTAIN A SECURE NETWORK
- Requirement 1- Install and maintain a firewall.
- Requirement 2- Do not use vendor-supplied defaults for system passwords or other security parameters.
PROTECT CARDHOLDER DATA
- Requirement 3- Protect stored cardholder data.
- Requirement 4- Encrypt transmission or cardholder data across public networks.
MAINTAIN A VULNERABILITY MANAGEMENT PROGRAM
- Requirement 5- Protect all systems against malware and regularly update anti-virus programs.
- Requirement 6- Develop and maintain secure systems and applications.
IMPLEMENT STRONG ACCESS CONTROL MEASURES
- Requirement 7- Restrict access to cardholder data by business need-to know.
- Requirement 8- Identify and authenticate access to system components.
- Requirement 9- Restrict physical access to cardholder data.
REGULARLY TEST AND MONITOR NETWORKS
- Requirement 10- Track and monitor all access to network resources and card holder data.
- Requirement 11- Regularly test security systems and processes.
MAINTAIN AN INFORMATION SECURITY POLICY
- Requirement 12- Maintain an information security policy.
WHY IS PCI COMPLIANCE SO IMPORTANT?
Whether processing, storing or transmitting data, merchants can have their businesses practically ruined by failing to properly protect customer card data. From loss of reputation to hefty fines, it is non-negotiable for retailers.
The PCI Security Standards Council website explains in very plain language that, “If cardholder data is stolen – and it’s your fault – you could incur fines, penalties, even termination of the right to accept payment cards!”
Following PCI standards secures your business’ longevity and allows customers to shop easy when making purchases in your brick and mortar or online store.
In short, PCI non-compliance can result in more than just fines. While they alone may be enough to sink your business, there is virtually no coming back if you lost the trust of your customers.
Need help to ensure you are PCI compliant? Our data centers are PCI compliant and audited. Contact us to find out how we can keep your retail business secure.