The Merchant processing guru Tip#14 Continued: PCI Compliance.
Continuing to process your credit cards through your POS system will also require you to have your network scanned periodically by a PCI SSC third party approved vendor, about 4 times a year, and incur a cost of approximately $200-$300 per year. You will be required to have all your new hires undergo a background check, cost approx. $25 per hire (not a bad idea in itself…), Increased password security on your POS systems with lockout access after 6 attempts & a 7 digit password rotated every 90 days. Aggregation files maintained on a separate computer from the network as well as a security log aggregation & retention for a minimum of 90 days to a max of 1 year. Have a headache yet? You will if you decide to continue processing through the POS system on your computer network, and it doesn’t stop there.
If you miss any of these steps and any others that I may have missed then let’s talk about the consequences and penalties should a breach occur and you are not 100% compliant! As things stand right now the details about penalties for non compliance are still very vague, what we know is that an acquiring bank can be fined anywhere from $5,000 – $100,000 per month for compliance violations and you can guess who the banks will pass those penalties onto!
My suggestion is, do not continue to process through your computer’s POS system but separate your computer networks from your cardholder environment. This will make your life that much more simple and make things a whole lot more secure for your customers who you want to protect as much as Visa & MasterCard do, as they are your life blood. If you have any further questions about getting a standalone credit card processing terminal for your business to replace your PC based card processing and how you can get one free of charge, then feel free to get in touch with me at: [email protected]