Depending on the size of your business and the sector you’re in, you may not give much thought to keeping credit card payment systems secure. Typically on the blog, we talk about keeping your whole network secure, but in this post we’ll discuss what PCI compliance is and show you how Crown Computers can help with your compliance needs.
What is PCI Compliance and Who Needs It?
For any company that accepts credit card transactions, PCI DSS is a set of security standards that protect customer cardholder information from being stolen. No matter how many credit card transactions you process each year, your company is responsible for implementing the standard. If you’re out of compliance with the standard or have a data breach, you could be charged fees and fines by a payment processor or merchant account provider. These fines can be costly and they’re totally avoidable. Being non-compliant and having a breach could land you a steep $500,000 fine.
While that sounds pretty serious, PCI compliance isn’t the same kind of compliance that you need to meet for cyber insurance purposes. Those forms of compliance often come with a great deal of scrutiny and requirements, whereas PCI compliance is often administered (at least for small and medium businesses) through a self-assessment questionnaire. Fines can be dealt out by credit card companies and banks for breaches, and payment processors charge a fee for non-compliance, which isn’t exactly the same as breaking a law or regulation.
Before something goes wrong, you’ll want to make sure that you’re compliant with the standard, but that can simply be a part of a bigger plan for your company’s data security. Assessing and planning your network security, making sure your software and hardware are up-to-date, setting up access control (both physical and through user authentication), incident response planning—these are necessities for all of your company’s data, not just customer payment information.
How Your Managed Services Provider Can Help
The steps to being PCI compliant include maintaining a secure network with a firewall, protecting account data by encrypting it during transmission, implementing strong access control measures, and regularly monitoring and testing your networks. Since the standard includes a lot of things that you should already be doing to protect your proprietary and sensitive data, you can focus on implementing payment systems that are the best fit for your use case, easy for you to use, and reliable.
As your MSP, Crown Computers tailors custom security solutions for keeping your network and cloud safe. PCI compliance, just like keeping your other data secure, is a long-term operation, and not something that you just buy and set up. Having a security team who can monitor and respond to threats, craft secure storage solutions, and help educate your employees on best practices for security can pretty much get you to compliance.
With that kind of top-notch security, you can set up your payment systems on a network that you have confidence in and know that your customers’ data is safe and that you won’t be risking a huge fine if something goes wrong.
-Written by Derek Jeppsen on Behalf of Sean Goss and Crown Computers Team