What is PCI DSS?
Many merchants ask me this question and want to know how it will affect their business. The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements developed by the major credit card companies to enhance credit card data security. These requirements only apply to e-commerce merchants or merchants that are using an online payment gateway. In recent years there have been many card industry security breaches. It became apparent that there needed to be specific guidelines for all merchant services providers that store cardholder data and all merchants that pass data through their terminal.
According to the bank card associations, as of October 2008 any merchant that applies for a new merchant ID from any credit card processing company must be PCI DSS compliant. In some cases this may mean the merchant will have to download a new application into their terminal. By October of 2009, all merchants must be PCI DSS compliant.
If you are using a POS terminal at a retail location, you are still passing data through the system. The application running on your terminal must be an up-to-date version. Most card processors will call you to schedule a download or an upgrade, much as they did when truncation laws took effect. If you have not received a call yet, be proactive and call your card processor to get compliant.
So why is it important for a merchant to be PCI DSS compliant? For one thing, the members of the PCI Security Standards Council (American Express, Discover, JCB International, MasterCard, and Visa) continually monitor cases of account data compromise. A security breach and subsequent compromise of payment card data affects many different entities, from cardholders to business owners.
If you are a merchant, below are some suggestions from the PCI Data Security Standards website:
- Make sure that sensitive data is never stored. This includes any magnetic stripe information or PINs.
- Find out what type of security is in place from your POS vendor. Find out if you need to install a firewall.
- Are complex and unique passwords required to access your POS system?
- Does your POS vendor have remote access to your system? If so, who has that access?
These things will get you started, but make sure to consult the PCI DSS compliance guidelines so that you do not end up getting fined.
Contact Pay2Amigos and see how we can help your Business!