Simplify PCI Compliance for Data Security

Posted by: Today's Tip Contributor on June 11, 2010

If your business accepts credit or debit payments, it’s likely that you’re required to comply with the Payment Card Industry Data Security Standard. PCI DSS was created in 2006 to establish minimum data security measures for organizations around the world that hold, process, or exchange cardholder information from any of the major card brands. These security measures are reviewed and revised on a rotating two-year schedule to be sure they remain adequate in protecting sensitive data.

Becoming PCI-compliant may mean incurring new costs, but the right resources and technology can help you avoid unnecessary ones. Put differently, it is possible to spend too much money on security. Fortunately, resources are available to help small businesses reduce the cost and complexity of PCI compliance so you can focus on cash flow, profitability, and customer service. Consider the following.

Talk to your acquiring bank or knowledgeable business payments adviser. These companies may have resources available to help you achieve and maintain your compliance.

1. Reduce your vulnerabilities. Every computer system, filing cabinet, or application that uses or stores sensitive card data falls under PCI compliance purview. If possible, limit data usage to applications directly pertaining to payments (e.g. transaction authentication, daily settlements).

2. Weigh your technology decision carefully. Look for flexible, technology-agnostic solutions—ones that work with your system regardless of your point-of-sale hardware, card association, or processing relationship—and solutions that effectively remove data from your environment while allowing access when needed.

3. Make a long-term commitment. Develop a thorough, proactive compliance strategy to protect your business’s future. Protecting customer card data requires ongoing effort.

Investing in data security measures can help safeguard your business even as it protects customer data. High-profile data breaches serve as a reminder that the cost of prevention is likely far less than the potentially devastating costs of a data breach or other major violation.

Craig Tieken
Vice-President, Merchant Product Management
First Data
Atlanta

Reader Comments

Cindy Valladares

June 11, 2010 1:09 PM

Craig, good points. I particularly like #3, making it a long-term commitment. Often we see customers wanting just to pass the audit. This approach not only exposes organizations to potential security breaches, but also increases the cost of compliance.
The PCI Security Council has some great resources for people who are just getting started with PCI DSS as well.

Bradley Cyprus

June 14, 2010 11:37 AM

PCI is not an option if a merchant accepts credit cards. Everyone is required to comply with the standard. The deadlines for compliance have already passed for all sizes of merchants.

PCI should be thought of as a goal where security is implemented and continually maintained. The standard gives merchants insight as to what they should be doing to protect data, but good security requires constant vigilance for it to be truly effective.

When a customer hands over their credit card for payment, they expect that their sensitive data will be protected. It is the responsibility of the merchant to safeguard that data like it was their own, and if they are not up to the task, then they should either fall back to only accepting cash or get professional help to manage their security.
