The short answer to the question “Is Your Company At Risk from a Breach?” is yes. This is why you must be diligent and have controls in place to mitigate the risks you have as a business owner, whether you are a service provider, a retailer or a restaurant.
The Payment Card Industry Security Standards Council (better known as PCI) says “The best way to maximize security of cardholder data is to continuously monitor and enforce the use of controls specified in the PCI Data Security Standard.”
Okay, you ask, how do I do this?
There are 3 easy steps to take to help reduce risk and practice safe credit card and payment processing:
- Evaluate
- Remedy
- Report
1. Routinely follow a process to evaluate where cardholder data lives by assessing your Information Technology (IT) hardware, software and records. Assess the possible risks in your business processes related to accepting payments via credit card, EFT or ACH.
For example:
- Do you have a security system running in your place of business?
- Is it something you can monitor externally?
- Could someone or something in your business leave data ports open to outsiders?
- Do you run both internal and external vulnerability scans and retain the log files?
2. Remedy the situation by fixing these risky exposures, and be sure to eliminate the storage of cardholder data unless it is absolutely necessary.
For example:
- Could someone (or a system) in your business be recording cardholder data in a way that falls outside the PCI standards? Such as:
  - Writing down credit card numbers
  - Keeping card information on file in a database
  - Using older versions of Point-of-Sale systems that do not encrypt data adequately
  - Systems that inadvertently allow remote access across a network or via data ports that are accessible to outsiders
3. Report. It isn’t any simpler than this. Be sure to complete and submit the required reports to the appropriate acquiring bank and card brands, as your PCI audit guidelines require.
For example:
- Submit and file the PCI documentation as recommended.
We know that this is a complicated topic and one that is very important to all business owners. To think that Experian, one of the largest credit reporting agencies, could have a breach of its data means that everyone needs to be more diligent than ever. Be sure to follow the most current guidelines.
We do our part, too. TransAct runs internal vulnerability scans every business day. Of course, this does not mean you can skip your required audits; you still have to do those.
If you have any questions or want to enhance or update your PCI compliance process, please contact us.
~ Mary Ann