Payment Processing, PCI and You
No matter what size facility you are, in order to stay in business you must receive payment for your services and goods. When you start processing payments, you enter the world of acronyms: CC, PCI DSS, ACH, EFT . . . the list goes on. Today, let’s focus on PCI DSS.
PCI DSS is the Payment Card Industry Data Security Standard. This set of requirements is designed to help reduce compromises of data and its effects, should a security breach in your system or data occur.
All businesses and payment processing solutions that manage transactions must comply with some key measures, such as not storing sensitive authentication or cardholder data, to be compliant with PCI DSS standards. Information such as PINs and magnetic stripe data should not be retained by your Point-of-Sale (POS) or payment processing solution. In addition, the PCI Security Standards organization encourages all vendors and payment processing companies to follow “if you don’t need it, don’t store it.” If you do need specific data, then consolidate and isolate it.
Your payment processing solution should be compliant with PCI DSS. In addition to ensuring you are using a PCI compliant solution, there are measures you can take within your facility to increase data security and reduce risk of fraud.
Use a Dedicated Computer for Transaction Processing
Best practices encourage facilities to process payments on a separate machine using network segmentation — in other words, make sure you have a firewall with a secure router in place for the computer that processes Point of Sale (POS) or membership sales. Don’t check email on your POS computer.
If you use a program for checking in members or handling contracts, dedicate one for your POS transactions and a separate one for check in and customer management. Once again, avoiding use of the computer for personal email reduces risk of a security breach.
Use Strong Passwords and Require Logins
With the increased focus on mobile apps and mobile accessibility, one simple area that you have control over is passwords and logins. Changing your password often and complying with more complex password standards helps reduce risk that your applications and data can be breached.
Performing these activities are ways you can show your customers that you care about protecting their data. As a result, your customers will feel more confident in your ability to keep their information safe.
PCI DSS compliance requires steps by your facility and your payment processing solution to ensure the security of your data. You can learn more by visiting www.pcisecuritystandards.org and reviewing the Self-Assessment Questionnaire for your business.
Susan McLain works for Affiliated Acceptance Corporation and has written for many industries, including sales and use tax, digital signage and financial services. She can be reached at firstname.lastname@example.org.