The PCI Requirements
- Install and maintain a firewall configuration to protect cardholder data.
- Do not use vendor-supplied defaults for system passwords and other security parameters
- Protect stored cardholder data
- Encrypt transmission of cardholder data across open, public networks
- Use and regularly update anti-virus software
- Develop and maintain secure systems and applications
- Restrict access to cardholder data by business need-to-know
- Assign a unique ID to each person with computer access
- Restrict physical access to cardholder data
- Track and monitor all access to network resources and cardholder data
- Regularly test security systems and processes
- Maintain a policy that addresses information security for employees and contractors
What actions have you taken to ensure you meet the above requirements?
It is a requirement that ALL merchants are compliant by December 2011, that includes the smallest of retailer to the largest.
Imagine you are a small shop, your average transaction is £100 per day, it takes roughly 90 days to investigate a fraud, the cost you as a small business will be face with are, your average transaction value x the number of days taken to investigate, in my example this would be £9000, you then have the costs of the card company and a fine of up to £300,000 on top. Yes it is enough to put many a small business out of business, and this has indeed happened. Bear in mind as well, if the costs and fine does not put you out of business, then the banning of being able to take payment by card will almost certainly spell the end for your small enterprise.
To find out more please contact us, we can help ensure that you achieve compliance, remember, it is no longer an option, if you wish to continue taking payment by card, it is Mandatory!