Business Checks


Have a new website? Make sure it's PCI compliant

Having an online store is a lot of work and a lot of fun. But when you think it's all done and ready to go, well, not quite yet. When you accept credit cards you must make sure the site is not only SSL secured but also in PCI compliance. PCI stands for "Payment Card Industry". Being in compliance keeps you out of a lot of trouble and keeps your customers' information safe.

There are six categories of PCI standards that must be met for a retailer to be deemed compliant, just as a business check must have certain security features to be used under the Check 21 laws.

Maintain a secure network

This standard refers to the actual computer network that cardholder data is exposed to. For an online business, the most obvious point of exposure under this standard is the web server. Luckily, most hosting companies take responsibility for securing their networks. However, there is more to it than you might think. Do you keep cardholder data (even just names) on a laptop that you use on public networks? Does your office network have a firewall installed and reasonable security measures in place? Do you keep the data on site or off site? If you do on-site check deposit, you need to keep the original checks, even those printed from bulk blank checks, in a secure area.

In short, whenever any personal information about a cardholder is stored on a computer that is connected to a network, that computer must be behind a firewall, and all reasonable measures must be taken to protect that network against anyone else trying to break in.

Protect Cardholder Data

Business owners that choose to store cardholder information have an obligation to protect that data. Protecting information means that not everyone can access it. Businesses that store actual credit card numbers will often store them encrypted, so that even if someone gained access to the database they still could not decipher the information in it, which protects your customers. Authorize.net is a good choice for a payment gateway because it keeps stored credit card numbers off your own computer.

E-commerce businesses need to be especially careful about the way cardholder data is transmitted. When a customer makes a purchase on a website, his or her cardholder information is sent across the Internet. During that transmission, cardholder data must be encrypted with at least a 128 bit SSL certificate to meet this standard; you'll see the URL change to HTTPS, and the order-completed page at the end should have a unique URL as well.
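As an added example (not code from the original post, and not Authorize.net's own code), here is the data-minimization idea behind the two paragraphs above, in Python with only the standard library: the merchant never keeps the full card number, only the last four digits and a keyed token for recognizing repeat customers, and the checkout or order-completed page is refused unless its URL is HTTPS. `TOKEN_KEY`, the card number `4111 1111 1111 1111` (a widely used test number, not a real card) and the function names are assumptions. The post's "128 bit SSL" wording is dated; the `client_tls_context()` helper shows what the same requirement means today, which is TLS 1.2 or later.

```python
import hashlib
import hmac
import re
import secrets
import ssl
from urllib.parse import urlparse

# Assumed per-merchant secret for deriving lookup tokens. In a real deployment
# this lives in a key-management system, never in source code.
TOKEN_KEY = secrets.token_bytes(32)


def luhn_ok(pan: str) -> bool:
    """Luhn check on a digit string: catches typos, proves nothing about validity."""
    digits = [int(c) for c in pan]
    parity = len(digits) % 2
    total = 0
    for i, d in enumerate(digits):
        if i % 2 == parity:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def plausible_pan(pan: str) -> bool:
    """True if the digits look like a card number (length 13-19, Luhn passes)."""
    digits = re.sub(r"\D", "", pan)
    return 13 <= len(digits) <= 19 and luhn_ok(digits)


def tokenize(pan: str) -> dict:
    """Reduce a PAN to what the merchant actually needs to store.

    Returns the last four digits (for receipts), a masked form (for screens)
    and an HMAC token (for matching repeat customers). The full PAN is not
    part of the result, so a stolen database does not contain card numbers.
    """
    digits = re.sub(r"\D", "", pan)
    if not plausible_pan(digits):
        raise ValueError("not a plausible card number")
    token = hmac.new(TOKEN_KEY, digits.encode(), hashlib.sha256).hexdigest()
    return {
        "last4": digits[-4:],
        "masked": "*" * (len(digits) - 4) + digits[-4:],
        "token": token,
    }


def checkout_url_ok(url: str) -> bool:
    """Reject any checkout or order-confirmation URL that is not HTTPS."""
    parts = urlparse(url)
    return parts.scheme == "https" and bool(parts.netloc)


def client_tls_context() -> ssl.SSLContext:
    """Client-side context that refuses anything older than TLS 1.2."""
    ctx = ssl.create_default_context()   # verifies certificates by default
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


if __name__ == "__main__":
    record = tokenize("4111 1111 1111 1111")   # constructed test number
    print("stored for this customer:", record)
    for url in ("https://shop.example/order/complete/7f3a",
                "http://shop.example/order/complete/7f3a"):
        print(url, "->", "ok" if checkout_url_ok(url) else "refused")
```

The token is keyed so that an attacker who obtains the table cannot simply hash every possible card number and match it; rotating `TOKEN_KEY` invalidates every stored token, which is the intended trade-off.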

Maintain a Vulnerability Management Program

This one is very simple and translates to keeping your systems up to date. Vulnerability exposure can be minimized by regularly updating computer hardware, operating systems and software. Keeping anti-virus software up to date, and running regular virus scans, is another requirement under this standard if your systems are susceptible to such vulnerabilities.

Implement Strong Access Control Measures

The most exploited weakness in security is the human element, which is harder to protect. Part of meeting PCI compliance means limiting access to cardholder data to only those people who need to use it. In addition to restricting physical access to cardholder information, business owners are responsible for assigning a unique identification to each person who does have access, and that access needs to be monitored. Make sure your wireless network is encrypted so others cannot use it. An open port is a critical weak spot for your network: someone can plant a sniffer to get into your system, plant code and take your customers' information.

Regularly Monitor and Test Networks

Networks that store cardholder data need to be monitored and tested regularly. Regular scans of security measures and processes, and monitoring and tracking of network access to cardholder data, are required to satisfy this standard. Consider signing up for a security testing and auditing service, such as ScanAlert's Hacker Safe program, which can help you identify and fix potential security problems as they arise. Read your reports and see how often your employees are using the network; too much activity can mean something is going on. You'll have the same security features with checks on top as you would with checks in the middle.
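The "read your reports" advice above, together with the unique-identification requirement from the access-control section, is the kind of thing a small script can do every night. The following is an added example, not part of the original post and not ScanAlert's product: it reads a constructed access log in which an assumed application writes one line per read of a stored cardholder record, and flags three things PCI auditors ask about: a user reading far more records than usual in one hour, reads outside business hours, and reads under a generic login that cannot be tied to one person. The log format, the thresholds and the account names are all assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample log (not real data). Each line is one read of a stored
# cardholder record, attributed to the login that performed it.
SAMPLE_LOG_LINES = [
    "2024-03-04T09:12:01 user=alice action=view_card record=5521",
    "2024-03-04T09:15:43 user=alice action=view_card record=5530",
    "2024-03-04T10:02:11 user=bob action=view_card record=5533",
    "2024-03-04T11:00:00 user=admin action=view_card record=5540",
    "this line is not in the expected format and is skipped",
] + [
    # twenty reads by one user within a single minute, late at night
    f"2024-03-04T23:41:{s:02d} user=carol action=view_card record={5100 + s}"
    for s in range(20)
]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+) record=(?P<record>\S+)$"
)

# Assumed list of logins that are not a single identifiable person.
GENERIC_ACCOUNTS = {"admin", "root", "shared", "pos"}


def parse(lines):
    """Turn raw log lines into event dicts; malformed lines are skipped, not guessed at."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "user": m["user"],
            "action": m["action"],
            "record": m["record"],
        })
    return events


def audit(lines, max_per_user_per_hour=10, business_hours=(8, 18)):
    """Return a list of human-readable findings for the security report."""
    events = parse(lines)
    findings = []

    # 1. Volume: more reads in one hour than any normal task needs.
    per_hour = Counter(
        (e["user"], e["ts"].replace(minute=0, second=0, microsecond=0)) for e in events
    )
    for (user, hour), n in sorted(per_hour.items()):
        if n > max_per_user_per_hour:
            findings.append(
                f"volume: {user} read {n} card records in the hour starting {hour.isoformat()}"
            )

    # 2. Timing: reads outside the hours the business is actually open.
    start, end = business_hours
    after_hours = Counter(e["user"] for e in events if not (start <= e["ts"].hour < end))
    for user, n in sorted(after_hours.items()):
        findings.append(
            f"after-hours: {user} read {n} card records outside {start:02d}:00-{end:02d}:00"
        )

    # 3. Attribution: reads under a login that is not one named person.
    generic = Counter(e["user"] for e in events if e["user"] in GENERIC_ACCOUNTS)
    for user, n in sorted(generic.items()):
        findings.append(
            f"shared-account: {n} card reads under generic login '{user}'; "
            "PCI wants a unique id per person"
        )
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG_LINES):
        print(finding)
```

None of the three findings proves wrongdoing on its own; they tell the owner which report lines deserve a conversation with the employee, which is exactly the "read your reports" step the post describes.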

Maintain an Information Security Policy

Considering that humans are generally the easiest part of a system to exploit, and that ignorance does not relieve liability, it's important to draft and implement a company-wide information security policy. Make sure that your employees know and understand their responsibilities with regard to cardholder data before it becomes an issue. Keep your PCI policy updated, just like your QuickBooks checks that have been reconciled.

The first step in PCI compliance is to meet the above standards. Credit card companies and financial institutions validate that vendors are abiding by the regulations, giving them ratings based on their volume of transactions. The rating a company receives determines the process it must go through to be validated. Next month, we'll take a look at the four validation ratings and what each rating means to a company. Making sure your online store is PCI compliant will save you a lot of money; failing to do so can cost you a few thousand dollars per incident.
