Your business’s point-of-sale (POS) system may be the weakest point in the security of your customers’ credit card information. The Payment Card Industry Data Security Standard (PCI DSS) was created in 2006 to provide businesses with a minimum security standard for protecting customer information when processing credit cards.
Not only is your business required to protect your customers’ information, but your processing company has responsibility too. According to PCIComplianceguide.org, “The Payment Card Industry Data Security Standard is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment.”
To ensure compliance with PCI DSS and to protect your business and your guests from fraud, it is essential to assess your POS system for compliance and make any necessary changes to your security systems. Maintaining PCI compliance is not difficult, as there are a number of scanning programs and guides available to help you through the process and continually test your system.
Test Your System
PCI compliance covers a variety of your business’s processes, from your POS software to your internet connection to your employees.
- Automated tools are available online that will scan your website or POS system for compliance and alert you to any vulnerabilities in your system.
- Manually monitor your systems and information access. Monitor employee access to make sure that only the assigned individuals are accessing customer information, and that they are doing so appropriately. If your records show an employee logged into the system to access data on a day they were not scheduled to work, you may be dealing with fraudulent access.
- Ensure your software and firewall programs are up to date to protect against hackers.
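The schedule check described in the list above can be automated. The following is an added example, not part of the original article: it compares POS access log entries against employee shifts and flags access outside a scheduled shift, access by users with no schedule, and unreadable log lines. The log format, the schedule layout, the sample data and all function names are assumptions made for illustration.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M"
GRACE = timedelta(minutes=15)  # assumed tolerance for early/late clock-ins

# Constructed sample schedule: employee -> list of (shift start, shift end).
SCHEDULE = {
    "alice": [("2024-03-04 09:00", "2024-03-04 17:00")],
    "bob": [("2024-03-04 22:00", "2024-03-05 06:00")],  # overnight shift
}

# Constructed sample log in a hypothetical "date time user action" format.
ACCESS_LOG = """\
2024-03-04 09:15 alice view_cardholder_record
2024-03-05 02:30 bob view_cardholder_record
2024-03-06 14:05 alice export_transactions
2024-03-04 23:10 carol view_cardholder_record
not a log line
"""

def parse_shifts(schedule):
    """Convert the schedule's timestamp strings into datetime pairs."""
    return {
        user: [(datetime.strptime(s, FMT), datetime.strptime(e, FMT))
               for s, e in shifts]
        for user, shifts in schedule.items()
    }

def off_schedule_access(log_text, schedule, grace=GRACE):
    """Return (line number, user, reason) for every entry needing review."""
    shifts = parse_shifts(schedule)
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        parts = line.split()
        try:
            when = datetime.strptime(" ".join(parts[:2]), FMT)
            user = parts[2]
        except (ValueError, IndexError):
            # Never skip silently: a malformed line may hide tampering.
            findings.append((lineno, None, "unparseable"))
            continue
        if user not in shifts:
            findings.append((lineno, user, "unknown_user"))
        elif not any(s - grace <= when <= e + grace for s, e in shifts[user]):
            findings.append((lineno, user, "off_schedule"))
    return findings

if __name__ == "__main__":
    for finding in off_schedule_access(ACCESS_LOG, SCHEDULE):
        print(finding)
```

Comparing full timestamps rather than calendar dates keeps an overnight shift, such as the second sample entry, from being flagged as access on an unscheduled day.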
Your POS system should have the proper firewalls and security software installed. Be sure the software you use is appropriate for your business; trying to force incorrect software can create major gaps in the software’s security.
- Assign passwords to each of your employees to enter when they use the system.
- Create a strict hierarchy of access that restricts unauthorized users from seeing certain information while granting special privileges to managers.
- Make sure your data transmission is encrypted and secured. Hackers can access your information in a variety of ways, including through the network you use to transmit data.
The consequences of credit card fraud are dire. If your business’s cardholder data is compromised in any way, you risk being dropped by your credit card processing provider and incurring fines anywhere from $5,000 to $100,000 per month. Don’t assume that your system is secure – and your business protected – until you have implemented the PCI DSS requirements, scanned your system for PCI compliance and repaired any security vulnerabilities.
Megan Webb-Morgan is a web content writer for www.ResourceNation.com. She writes about small business, focusing on topics such as credit card processing.