How Do Business Owners Keep Up with New Compliance Rules Each Year?
Business owners already have a lot to worry about with changing tax laws and employee wage laws; now they have to add Payment Card Industry Data Security Standard (PCI DSS) compliance to the mix. PCI compliance has evolved with each passing year, and business owners are already up against rules, restrictions, and deadlines that are added annually. Some feel that compliance is expensive or too hard to achieve, but achieving PCI compliance does not have to be difficult.
PCI compliance is a key element in protecting cardholder data. So how can your business stay compliant without breaking the bank?
- Although a firewall provides a first line of defense, by itself it can still leave a website vulnerable. You or your service provider should perform manual reviews of all application source code. There are also tools available that automatically scan source code for vulnerabilities and security risks.
- In addition to a standard network firewall, it is recommended to put a web application firewall in place between your web server and the end-point devices that connect to it.
- As of September 30th, 2009, all Level 1 and Level 2 merchants, who are classified as large merchants (processing one to over six million Visa transactions), will no longer be allowed to retain any data that is encoded on a card's magnetic stripe. If you are a merchant that falls into this category, you will be required to undergo an annual on-site PCI assessment and quarterly network scans. By September 30th, 2010, acquiring banks must prove that all Level 1 merchants have demonstrated compliance with the PCI DSS. For more information, you can refer to Visa's website and download its compliance policies and procedures.
Compliance regulations get added each year, so my recommendation is to stay ahead of the pack. A small amount of money invested in security now can save you a lot of money in fines and lost data later.