Are You Keeping Your Customers’ Payment Information Safe?
PCI DSS stands for the Payment Card Industry Data Security Standard. It’s got a lot of branches, but the main concept isn’t tricky to grasp. Basically, it’s a set of rules that protects you and your customers from fraud. Simple, right? Bear with us for a moment, and we’ll explain it a bit further.
A Bit Of Background About PCI DSS
PCI DSS isn’t optional – all businesses who accept card payments have to comply by getting a PCI certificate.
Sounds a little daunting, but all it does is prove that you care about looking after your customers’ information, and that you’re actively taking steps to do it. We’re talking all types of card payments by the way, so that includes online, by mail, over the phone, or using card machines.
The PCI standards have been carefully designed so that compliance with them seals up your company’s vulnerabilities to criminals and hackers. It was dreamed up by the minds at some of the world’s leading credit card companies: Visa, Mastercard, American Express, Discover, and JCB International. In 2006, these finance giants joined forces to form the PCI Security Standards Council, which is the organisation that oversees and regulates the Standards today.
So What Is The PCI DSS?
Here at 21 Digital, we’ve got some good news for you on that front. To be honest, a lot of the standard falls into the common sense category, and most businesses meet at least a couple by default almost as soon as they’ve started up.
Here’s a quick breakdown of what the standard involves:
Building A Secure Network And Protecting Cardholder Data
- Installing and maintaining a firewall to protect your data
- Changing your passwords from the defaults
- Using encryption to protect stored data
- Encrypting the transmission of that data and other sensitive information when sending it across a public network
- Updating your anti-virus software, and checking it every so often
- Making sure your sensitive systems and applications are well and truly secure
Testing And Monitoring Networks, Controlling Secure Access
- Restricting access to data on a need-to-know basis (someone in the graphics department, for example, doesn’t need to see financial details)
- Assigning unique IDs – no two employees should have the same login
- Keeping physical data locked and hidden away
- Keeping track of any and all access to networks and customer information – make sure no one is looking at something they shouldn’t be
How Can I Be Sure I’m Being Compliant?
The short answer is that it depends on your business. The Standard puts you into one of four categories, depending on the size of your company and how many card transactions you go through every year.
The easiest way to make sure you’re toeing the right line is to have a quick chat with your acquiring bank. (That’s whoever you use for your business bank account.) They’ll be able to point you in the right direction and tell you if there are any extra steps you need to take – if any!
At 21 Digital, we’ve got a bunch of friendly chaps here in the office who’d like nothing better than to help you make it on the web. Whether that means increasing your sales leads, giving your social-media marketing a bit of a boost or just increasing traffic to your website, we’ve got the know-how to get it done. Give us a call on 01254 660 500 – let’s talk!
Don’t forget to follow us on Twitter: @21Digital_Ltd