Credit Card Processing: Hardware & Software Compliance
Credit card payments are as fundamental to your financial stability as your customers are: you simply cannot do business without them. But are your transactions safe? If your credit card processing equipment is out of compliance, the answer is “NO”.
Just like your business, the credit card processing hardware and software that you use to accept credit card payments must meet all current government and payment card industry security standards. Meeting these standards helps to ensure that your customers’ valuable information is safe and that your business is protected against fraud, data theft and penalties.
What’s at stake?
If your customers’ credit card information or other personal information is stolen or otherwise compromised (in what’s known as a data breach), the consequences could be disastrous. If you are out of compliance and suffer a data breach, you could see losses in the form of fines and chargebacks. Worse, you could lose your customers’ trust.
What is hardware/software compliance?
Compliance simply means that all of your credit card processing equipment (hardware and software) meets the requirements set forth by the Payment Card Industry (PCI) Security Standards Council. The council was founded by the five major credit card companies — Visa, MasterCard, Discover, American Express and JCB International — to enforce the PCI Data Security Standards (PCI DSS). To be in compliance, hardware and software must meet the 12 requirements outlined in the PCI DSS, as well as Payment Application Best Practices (PABP).
How do I know if my hardware/software is compliant?
The best way to ensure compliance is to have your equipment evaluated through a compliance scan. Compliance scans check your operating systems, networks, servers and devices for vulnerabilities that could result in a data breach. Because of the sensitive nature of the data involved, quarterly scans are strongly recommended by the PCI Security Standards Council and can only be conducted by an approved scanning vendor.
Terminal Compliance – See where your credit card processing terminal falls on the PCI compliance scale.
Software Compliance – Find out if your credit card processing software is PCI compliant.
How do I maintain compliance?
Once you get compliant, you need to stay compliant. That means making sure that your business is secure both virtually and physically. To maintain compliance, you must protect your:
network: the operating system you use for credit card processing
terminal: the device you use to take credit card payments
software: the credit card processing program with which you accept payment
Make it a top priority to ensure that your network is configured for maximum security and compliance. If your system isn’t properly configured (including using complex encryption algorithms), all the data within your network is at risk.
Nearly half of the data breaches that occur happen through point of sale (POS) terminals that are out of compliance. This has become such a concern that MasterCard has instituted a POS Terminal Security program requiring regular equipment evaluations.
If your software is not secure, neither is any of the information you’re using to process payments, including credit card numbers, expiration dates and customers’ personal information. Noncompliant software is a data breach in the making.
Get Compliant Today!
The first step to finding out if your equipment is in compliance is to complete a self-assessment questionnaire. By following this process, you will determine whether your equipment is compliant. If not, there are established steps you can take to achieve regulatory compliance.