Tighten Security and Streamline PCI Compliance

Tighten Security and Streamline PCI Compliance


Protecting sensitive customer data from data and fraud breaches is a key responsibility for a business owner, regardless of the size of the business or vertical. And, any and all businesses that accept credit and debit card payments are required to comply with PCI DSS (PCI Council Data Security Standards). For many owners, and especially proprietors of smaller businesses, PCI compliance is under prioritized because they believe that their business is too small to be breached, but according to Visa, some 95 percent of credit card breaches occur with small businesses.

In order to protect your customers’ data, there are a few easy yet critical actions you can and should take.

First and foremost, construct employee password guidelines that discourage sharing, require recurring updates, and remove default passwords that could jeopardize data security. Equally important is the need to enforce policies around the handling of confidential data. Employee awareness training must take place on a periodic basis to review any policy changes and educate new team members.

Public Wi-Fi access has become the norm, which is why it’s vital to separate shared Wi-Fi access from the private, internal systems at your business. This will help protect sensitive data in the event of a security breach. In addition, be sure to utilize compliant encryption methods to further safeguard confidential information.

Selecting PA-DSS validated software offers added peace of mind due to features such as storage encryption and secure transaction processes. Your business will benefit from the tokenization found in this type of software, resulting in both reduced scope for compliance and increased data security.

Avoid storing any sensitive cardholder data. This simple strategy will minimize any risk brought on by a data breach and streamline your PCI self-assessment questionnaire.

Poorly managed remote access is another potential vulnerability when it comes to data security. In order to ensure secure remote access, it’s imperative to only provide remote access to those who need it, require two-factor authentication, eliminate default passwords and employ session length timeouts. It’s also preferable to use secure VPN for remote access and that the action is originated from the merchant outbound and not the other way around.

Security breaches are on the rise, which is why it’s important for all businesses to implement data protection strategies to prevent risk and attain PCI DSS compliance.

As the leader in payment solutions for the energy industry, AVATAS is well versed in PCI compliance and data security standards for companies that operate just like yours. For more information, please feel free to reach out to us at info@avataspayments.com with any questions surrounding your PCI compliance and/or data security strategies.

*This article originally appeared in the July 2013 issue of Fuel Oil News Magazine and can be viewed here.