PCI Compliance & Your Business

Does your business ever handle credit or debit cards? YES, of course it does! Over 8 billion debit & credit card transactions happen per year. PCI Compliance can often be a scary & overwhelming consideration for many Small-to-Medium businesses. Learn how you can avoid compromise & handle credit cards efficiently & effectively in your business, and dispel some widespread myths about what is compliant & what is out of compliance.

Top 3 Compliance Myths

“It’s Not Online, It Won’t Require Compliance Care”

Our number 1 PCI Compliance myth concerns the physical handling & security of cardholder information. Even when systems that store credit or debit card data have no internet access, they still require careful physical handling & security. Is your primary data store secured behind a locked door? Are documents containing credit card or debit card data handled carefully?

“Our Payment Processor Handles All Financial Transaction Data”

Using a payment processor can be beneficial to your SMB by containing the risk of storing financial data while handing much of the compliance liability over to a 3rd party. Many modern SMB POS systems such as Square & PayPal will handle financial data management, though liabilities still remain with you. PCI Compliance isn't limited to financial data alone; careless handling of personal data in everyday company practice can also put you out of compliance. Careless handling of customer / personal data can result in more than a fine: you could lose your business license.

“Internet Firewall & Router Hardware Was Provided by Our ISP”

Commercial Internet Service Providers (ISPs) are not required to provide you PCI Compliant hardware when "turning up" your services. Some of this hardware is reused or reissued, & can leave your business exposed to known attack surfaces or compromise methods. Use enterprise commercial networking hardware with a focus on compliance & security. Capes & Powers recommends Cisco Meraki, which we use to safely manage over 5,000 endpoints daily.

Ask about our FREE Security Assessment: 206-915-3660

A Physical Security Focus

Almost all modern internet-connected technology can be secured from online intruders, yet even the most reputable technology still depends on physical security. Any device that can be physically accessed can almost always be "Reset to Factory Defaults". Any physically accessible ethernet port can allow local network access. Any PC in an insecure physical environment can be stolen or damaged. Some modern POS devices (such as tablets & iPads) can be major compliance concerns if they lack even a simple "bike lock" mount; in 2017 a laptop or mobile device was stolen every 53 seconds.

PCI Compliance is NOT an Interpretation

There are numerous ways you can tidy up compliance concerns using varying tools, vendors, hardware, & software. What is important to note is that PCI Compliance is never a matter of interpretation; compliance requirements are very black & white. You are either compliant, or out of compliance. Knowing that, it is your responsibility as a business owner to maintain compliance. Make the right choice in asking for help: choose a reputable team with a wide array of support services.

We've seen clients being "scanned" & charged as much as $50 a month for a PCI Compliance report, without any resolution. We recommend a more hands-on approach; knowing you're out of compliance is the first step to securing your transaction & financial data, but finding the right team to help you walk the path to compliance is an accountable way to safely facilitate credit and debit card transactions.

Ask us about our FREE security assessment. Arm yourself with knowledge and a clear path to resolution using a Local, Professional Security Team: Capes & Powers.