KEEPING THE BAD GUYS OUT - PCI Credit Card Security For Small Retailers
We've all purchased something in a shop with our credit/debit card. Some will say “it’s fine – there’s no risk of my card information being lost or stolen” while others will say “I don’t know – what if?”
We’ve heard and seen the media exposing security breaches in large multinational organisations where credit card information, medical records and even social security (PPS) numbers have been stolen or lost on a laptop or emailed to someone in error. In an effort to shore up and standardise their defences, these large organisations have become compliant with PCI DSS. The Payment Card Industry (PCI) Data Security Standard (DSS) is mandatory if your company stores, processes, or transmits payment cardholder data. The trick to becoming compliant is all about understanding the complexity of the requirements – especially the technical parts. Becoming compliant is surprisingly easy.
Now that these companies are more difficult to steal from, computer hackers, identity thieves and the like are targeting smaller organisations that do not have the technology, resources or, more importantly, the know-how and understanding to protect such important information.
For example, most pharmacies, at least where I live in Dublin, are trusted advisors and sometimes the unofficial doctors when the doctor is not available, or it’s out of hours, or the advice simply does not require a two-hour spell in a waiting room. Pharmacists maintain confidence and evoke trust in customers by providing a remedy in a quiet whisper and ensuring you feel you have support and someone to turn to if needed. Imagine if this community spirit and earned trust were lost because the data on your computer system was lost or stolen.
This PCI DSS standard, which is supported by the major credit card companies, is a way of measuring your level of security fitness – to protect ANY special records containing customer data you may have in your computers (at home or in your shop).
It’s important to understand: do I have this type of data on my computer or network, and where exactly is it stored? The PixAlert PCI DSS Assessment tool searches for credit card information but can also look for things like PPS numbers and personal information like date of birth, contact details and addresses. The standard is not just for you if you have significant credit card information. It’s a way of making sure you have made every effort to keep the bad guys out and your customers’ records safe. Equally, it’s a very important step towards protecting your local reputation. Before you head home every evening you probably ensure you have locked the drugs counter and secured paper files. Do you conduct the same process with your computer?
Before a business can start to protect sensitive and valuable cardholder data (CHD), the first step is to find and document where CHD is stored within a system. PixAlert’s PCI Automated SCOPE Assessment solution provides a fully automated mechanism to find where CHD is stored on any part of the network. This helps businesses understand the scale of their credit card vulnerabilities while creating the necessary groundwork for successful compliance.
Article Author: Vivian Cullen, Head Of International Business Development, PixAlert
Date: 16th August 2012