
    Industry series: Why Proper Data Centers Are Crucial for Retail

    We are inching toward becoming a cashless society. In fact, 60% of transactions are now made with a credit or debit card. Pair that with services like Apple Pay, PayPal and Google Wallet, and paper money is likely to continue to decrease in popularity.

    That means your retail business relies on these digital payment methods to stay afloat. It also means you are at the mercy of PCI regulations that protect customer data.

    Of course, processing the influx of these noncash payments often requires the help of a data center. That’s why it is invaluable to understand the requirements of the Payment Card Industry Data Security Standard (PCI DSS).

    Here is a brief look at the basic requirements and importance of PCI in the retail data center:

    UNDERSTANDING PCI DSS

    Payments that happen online or are processed digitally are subject to the Payment Card Industry Data Security Standard, a set of regulations and requirements created with the protection of cardholder data in mind. Since 2005, all major credit card companies (Visa, AmEx, Discover, JCB, and MasterCard) have followed the standard set forth by the Payment Card Industry Council.

    Any merchant that accepts credit card payments is responsible for following PCI protocol, regardless of size or transaction volume. Still, those that handle a large volume of annual transactions are subject to more compliance checks and audits.

    At minimum, to remain compliant, merchants and retailers who process, store or transmit sensitive credit card data must:

    • Fill out thorough self-assessment questionnaires (SAQs).
    • Conduct regular security audits.
    • Hire an Approved Scanning Vendor (ASV) to assess website and server vulnerability.

    Additionally, retail merchants need to comply with 12 separate requirements in six individual categories.

    BUILD AND MAINTAIN A SECURE NETWORK

    • Requirement 1: Install and maintain a firewall.
    • Requirement 2: Do not use vendor-supplied defaults for system passwords or other security parameters.

    PROTECT CARDHOLDER DATA

    • Requirement 3: Protect stored cardholder data.
    • Requirement 4: Encrypt transmission of cardholder data across public networks.

    MAINTAIN A VULNERABILITY MANAGEMENT PROGRAM

    • Requirement 5: Protect all systems against malware and regularly update anti-virus programs.
    • Requirement 6: Develop and maintain secure systems and applications.

    IMPLEMENT STRONG ACCESS CONTROL MEASURES

    • Requirement 7: Restrict access to cardholder data by business need to know.
    • Requirement 8: Identify and authenticate access to system components.
    • Requirement 9: Restrict physical access to cardholder data.

    REGULARLY TEST AND MONITOR NETWORKS

    • Requirement 10: Track and monitor all access to network resources and cardholder data.
    • Requirement 11: Regularly test security systems and processes.

    MAINTAIN AN INFORMATION SECURITY POLICY

    • Requirement 12: Maintain an information security policy.

    WHY IS PCI COMPLIANCE SO IMPORTANT?

    Whether processing, storing or transmitting data, merchants can have their businesses practically ruined by failing to properly protect customer card data. With consequences ranging from loss of reputation to hefty fines, compliance is non-negotiable for retailers.

    The PCI Security Standards Council website explains in very plain language that, “If cardholder data is stolen – and it’s your fault – you could incur fines, penalties, even termination of the right to accept payment cards!”

    Following PCI standards secures your business’ longevity and lets customers shop with ease when making purchases in your brick-and-mortar or online store.

    In short, PCI non-compliance can result in more than just fines. While fines alone may be enough to sink your business, there is virtually no coming back if you lose the trust of your customers.

    Need help to ensure you are PCI compliant? Our data centers are PCI compliant and audited. Contact us to find out how we can keep your retail business secure.

