
Do You Think PCI Compliance Is Enough? Think Again.
In 2006, in an effort to boost security and prevent credit card fraud, the major credit card companies came together and crafted the Payment Card Industry Data Security Standard (PCI DSS) to serve as a guideline for organizations that accept and process credit card payments. While PCI DSS is certainly a step in the right direction, a major problem still exists: PCI DSS doesn’t prohibit organizations from storing credit card information; it merely provides guidelines on strategies for storing the information more securely.
PCI Compliance—The Missing Link
Despite these guidelines, innovative hackers still find ways into systems. And guess who’s responsible if there’s a breach and credit card data is stolen—even if your organization is “PCI Compliant”? That’s right—you are. While larger corporations have deep pockets and can usually weather a security breach (at least in terms of monetary damage; bad press is another issue), many small and mid-sized organizations can’t.
How Can You Go Beyond PCI Compliance?
To go “beyond PCI,” follow these three rules:
- If you’re using an online system, check with your ISP, hosting company, or software vendor and make sure that credit card numbers are not stored anywhere in their systems.
- If you’re a retailer, make sure you are using an encrypted card reader! To verify this, simply open Windows Notepad and swipe a credit card. If the credit card number is visible, you are not using an encrypted card reader, and you should be.
- Always ensure that online transactions are using secure pages.
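The Notepad check in the second rule can be scripted: save what the reader typed into a text file and scan it for cleartext card data. This is an added example, not code from Premier POS; the track layouts follow ISO/IEC 7813, the function names are hypothetical, and both sample swipes are constructed (the card number is the widely used test value 4111111111111111, and real encrypted output varies by reader vendor).

```python
import re

# Cleartext magstripe layouts (ISO/IEC 7813) as a keyboard-wedge reader types them.
TRACK1 = re.compile(r"%B(\d{13,19})\^[^^]{2,26}\^\d{4}[^?]*\?")  # %B<PAN>^<NAME>^<YYMM>...?
TRACK2 = re.compile(r";(\d{13,19})=\d{4}[^?]*\?")                # ;<PAN>=<YYMM>...?
BARE = re.compile(r"(?<!\d)(\d{13,19})(?!\d)")                   # any other 13-19 digit run

def luhn_ok(pan):
    """Luhn checksum: filters out digit runs that cannot be card numbers."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask(pan):
    """Keep first six and last four digits so the report itself stores no PAN."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]

def find_cleartext_pans(captured):
    """Return [(where_found, masked_pan)] for each Luhn-valid PAN visible in the text."""
    hits, seen = [], set()
    for label, rx in (("track1", TRACK1), ("track2", TRACK2), ("bare", BARE)):
        for m in rx.finditer(captured):
            pan = m.group(1)
            if pan not in seen and luhn_ok(pan):
                seen.add(pan)
                hits.append((label, mask(pan)))
    return hits

# Constructed sample: what an unencrypted reader would type into Notepad.
CLEARTEXT_SWIPE = "%B4111111111111111^DOE/JANE^3012101?;4111111111111111=3012101?"
# Constructed sample: opaque output standing in for an encrypting reader.
ENCRYPTED_SWIPE = "9F2A7C01E4B83D5A6F10C2D7E8B94A3C5D6E7F80A1B2C3D4"

if __name__ == "__main__":
    for name, text in (("cleartext", CLEARTEXT_SWIPE), ("encrypted", ENCRYPTED_SWIPE)):
        hits = find_cleartext_pans(text)
        verdict = "FAIL: card number visible" if hits else "ok: no card number visible"
        print(name, verdict, hits)
```

Run the test with a dedicated test card and delete the captured file afterwards, since a failing result means the file itself contains a card number.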
Bottom line? Never store a credit card number, regardless of whether it’s encrypted.
At Premier POS, We Go Beyond PCI Compliance.
We never ever store credit card information. It’s the peace of mind we need to ensure that you have the peace of mind you need. We take your security—and ours—seriously.
Learn more about PCI Compliance from the PCI Security Standards Council.