The Merchant Processing Guru Tip#14: PCI DSS Compliance – What is it and is it relevant to you?

The credit card processing industry has been going through some changes over the last few years, since the Payment Card Industry Security Standards Council (PCI SSC) was created on September 7, 2006 to combat the growing problem of security in the industry. PCI DSS stands for “Payment Card Industry Data Security Standard,” and it sets a new standard for the payment card industry to attain. It is focused on reducing the ability of someone to obtain sensitive credit card information. Even though it applies to anyone who accepts credit cards as a form of payment, I will try to simplify things a little and explain who is most affected and why.

The weakest link, so to speak, when it comes to data security has been computer software programs that are vulnerable to hackers breaking in and obtaining cardholder information. Therefore, anyone using their computer to store or process credit card information will need to pay close attention to these new guidelines and check whether they are in compliance. If you use a software package such as PC Charge or IC Verify, for instance, you should check which version you are using. If the version is too old, it could be outside of PCI compliance requirements, and you should consider either upgrading to a later version or changing your method of processing your transactions. The latter can sometimes be more cost effective, especially when you take into consideration that the software you upgrade to could have only a year or two before it too expires due to PCI updates. So before you go spending hundreds of dollars on upgrading your software, only to find out that it will expire shortly afterward, let’s see if another solution could work just as well for your needs.

Tune in to my next post, where I will talk about some other aspects of PCI compliance that are critical for you to know. To read up some more on PCI compliance, go to any of these sites:

PCI Security Standards

PCI Self Assessment Questionnaire

Visa Risk Management

Visa instructions on what to do if your data is compromised


List of Qualified Security Assessors (QSAs)

List of Approved Scanning Vendors (ASVs)

For any questions about your specific situation feel free to get in touch with me at: [email protected]
