
PCI DSS and your business

In our previous post, we discussed the 12 requirements of PCI DSS. Today, we’ll talk about how these requirements will affect your business.

How does PCI DSS affect your business?

PCI DSS is dramatically changing credit card payment processing. Here are some costs and benefits you should be aware of.

  • Costly Upgrades. The state of your current systems will determine how PCI DSS affects your business. If your systems meet the current requirements, then PCI DSS will not affect your business. However, if your systems do not meet PCI DSS requirements, you may have to upgrade your systems. Speak to your payment processor about the most cost-effective way to become PCI DSS compliant.
  • Safe Harbour Status. One of the main benefits of becoming PCI DSS compliant is that you will attain safe harbour status. Safe harbour status protects you from fines in the event of a security breach. In the unfortunate event that a customer sues you, the court will be more lenient with you if you have safe harbour status. In order to benefit from safe harbour status, all security requirements must be in place.
  • Fines. If your business is not PCI DSS compliant, it may be audited, fined, or sued. In the worst-case scenario, your business may lose the right to process credit cards entirely.

What are the documentation requirements for PCI DSS?

Documentation requirements depend on your business’s volume of credit card payment processing.

PCI DSS and credit card payment processing

The Payment Card Industry Data Security Standard (PCI DSS) is the major regulatory change that you are likely to face this year. We recently provided an overview of PCI DSS. In this article, we’ll discuss it in more detail.

What is PCI DSS?

The PCI Security Standards Council developed PCI DSS to increase data security in credit card payment processing. The PCI DSS applies to all organizations that transmit, process, or store credit card data. Note that while the PCI Security Standards Council developed PCI DSS, the regulations are actually enforced by credit card associations like Visa, MasterCard and American Express.

The PCI DSS has six “control objectives” that include a total of 12 compliance requirements. According to the PCI Security Standards Council, the control objectives are:

Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall configuration to protect cardholder data.
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters.

Protect Cardholder Data
Requirement 3: Protect stored cardholder data.
Requirement 4: Encrypt transmission of cardholder data across open, public networks.

Maintain a Vulnerability Management Program
Requirement 5: Use and regularly update anti-virus software.
Requirement 6: Develop and maintain secure systems and applications.

Implement Strong Access Control Measures
Requirement 7: Restrict access to cardholder data by business need-to-know.
Requirement 8: Assign a unique ID to each person with computer access.
Requirement 9: Restrict physical …

The payment processing industry is facing many exciting changes in 2010. These changes are:

  • Regulatory-driven, by PCI DSS and chip and PIN technology
  • Consumer-driven, by mobile technology and the entry of Visa Debit.

These changes present new challenges and opportunities for all card-accepting merchants and include:

  • Regulatory-driven changes
  • Consumer-driven changes
  • PCI compliance
  • Chip and PIN technology
  • Mobile technology
  • Visa debit

Over the next few articles, we’ll take a more detailed look at these industry changes. Today, we’ll talk about regulatory-driven changes in the payment processing industry.

Regulatory-driven changes

Payment Card Industry Data Security Standard (PCI DSS)

The biggest regulatory change to impact your business in 2010 is the introduction of the Payment Card Industry Data Security Standard (PCI DSS).

What is PCI DSS?

The PCI DSS is a set of 12 requirements that covers everything from developing a secure network to maintaining an information security policy.

How does PCI DSS affect your business?

First, you may have to change your current systems in order to meet PCI DSS standards. If your current payment processing system is up-to-date, you may only need a slight upgrade. If your system is old, it may be worth getting a new system. Contact your payment processor to determine which option is best for your business.

Second, you must document your security compliance. There are two categories of PCI DSS merchants. The amount of documentation required depends on which category you are in.

  • Lower level merchants have up to