5 fast facts about PCI compliance

We’ve all heard Target’s horror story. Thousands of customers were made vulnerable by a massive data breach in which cardholders’ information was stolen. While Target was maintaining PCI compliance standards, data was still at risk. What does this mean for business owners? To effectively protect your customers, there are a few things you should know about what PCI compliance is and isn’t.

  1. PCI compliance is a necessary and helpful way to protect sensitive information. Legally, if you accept payment cards, you must adhere to strict guidelines for protecting customer data. Your trusted IT experts at Cognoscape can help ensure you remain compliant.
  2. PCI compliance doesn’t guarantee security. Self-audits and regular maintenance of security protocols are essential for protecting customer and employee information. When performing a self-audit, there are a few things you want to check:
    1. How you store and transfer customer financial data (such as credit card numbers).
    2. How your employees are educated and trained on security and data management.
    3. How vendors and suppliers within your network handle the financial data.
  3. PCI compliance can’t be avoided and non-compliance is costly. With the growing rate of cybersecurity-related fraud, PCI compliance is more important than ever. Protecting customer data is not only important because non-compliance can result in massive fines, but lost consumer trust from a data breach can make it tough for your business to financially recover. Partnering with a security advisor can help alleviate the costs and headache of non-compliance.
  4. PCI compliance requires effort. We’re not saying it requires a lot of work, but you won’t maintain compliance passively. Using tips can help simplify the process, and if you really want to guarantee you’re following guidelines, we can help.
  5. PCI compliance isn’t going away. Working on compliance is rarely any business owner’s most enjoyable experience. It can be tedious, and it can be scary. The threat of fines or lost revenue from data breaches is the stuff of nightmares. But, in a cybercrime-riddled world, it’s essential to protect sensitive cardholder information. PCI compliance isn’t going anywhere, so make sure you know how to appropriately meet guidelines.

Don’t let PCI compliance keep you up at night. At Cognoscape, we have years of experience protecting businesses like yours from non-compliance. Give us a call, and let’s get to work protecting you.


Our Spring eBook was Created for You to Understand Regulatory Compliance

Regulatory compliance means a company adheres to the state and federal laws, standards, procedures, and industry-specific requirements that apply to its business. Failure to comply subjects the company to legal penalties and federal fines.


4 Signs that You’re Out of PCI Compliance

Compliance with the standards set by the Payment Card Industry (PCI) Security Standards Council can be cumbersome and flat-out difficult. And the punishment for non-compliance can be stiff penalties and fines – or even worse, non-compliance could allow a hacker or data thief to get into your company’s systems and steal critical data from you or your customers. To avoid these unsavory outcomes, it is best to make sure that your business becomes PCI compliant and maintains that compliance status. It is critical that you know whether your company is PCI compliant so that you can keep your business protected from fines and hackers alike. Here are some of the ways that you can know if your business is not compliant. If any of these signs describe your business, then it is time to make a change and get back into compliance.

You Store Cardholder Data

Storing cardholder data means that you have highly sensitive information that can be stolen on your systems. To maintain PCI compliance, you should not save or store any cardholder data, whether in digital or written form. To avoid storing cardholder data, you can use a card reader, POS terminal, or a payment processor that doesn’t retain that information. That way, you don’t have to think about protecting or encrypting that data on your systems.

You Don’t Have A Separate Network For Payment Processing

PCI compliance puts extra pressure and extra security measures on whatever network handles card data. That’s why it is a good idea to keep a separate network, apart from your regular business connection, used just for payment processing. This is especially relevant if you are using IP-based credit card terminals.

You Don’t Automatically Log Customers Out

When your customers log in and make a purchase, they might be doing so on a public computer or at a public kiosk. When they leave that computer, they might forget to log out, allowing another person to stumble upon their open session and make unauthorized purchases. Make sure that you avoid these kinds of scenarios by automatically logging your users out of their sessions after a set period. If, for example, users are automatically logged out after five minutes of being idle, you have a significantly higher chance of stopping unauthorized purchases.
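The idle logout described above has to be enforced on the server, not just in the browser, or an abandoned kiosk session stays usable until someone closes the tab. The following is an added example (not Cognoscape’s code or any particular shop’s checkout system) of a session store that expires a session after the five minutes of inactivity mentioned in the text. It uses a constructed in-memory store and an injectable clock so it runs offline, and it goes one step beyond the text by also adding a hypothetical absolute lifetime cap so that even a continuously active session eventually ends.

```python
"""Server-side idle-timeout enforcement for web sessions.

Added example, not code from the original post. It uses a constructed
in-memory session store and an injectable clock so it runs offline; a real
deployment would keep session records in a shared store (database/cache)
and the web framework would call touch() on every authenticated request.
"""
import secrets
import time
from dataclasses import dataclass
from typing import Optional

IDLE_TIMEOUT_SECONDS = 5 * 60          # five minutes idle, as in the text
ABSOLUTE_LIFETIME_SECONDS = 8 * 3600   # hypothetical hard cap on any session


@dataclass
class Session:
    user_id: str
    created_at: float
    last_seen: float


class SessionStore:
    """Holds sessions and decides, on every request, whether one is still valid."""

    def __init__(self, clock=time.time):
        self._clock = clock                 # injectable so tests need not wait
        self._sessions: dict = {}

    def create(self, user_id: str) -> str:
        # 32 random bytes -> an unguessable session identifier
        token = secrets.token_urlsafe(32)
        now = self._clock()
        self._sessions[token] = Session(user_id, now, now)
        return token

    def touch(self, token: str) -> Optional[str]:
        """Validate a session on each request; returns user_id or None.

        The check is server-side, so a browser left open on a shared kiosk
        cannot keep the session alive by itself: only real requests inside
        the idle window extend it.
        """
        session = self._sessions.get(token)
        if session is None:
            return None
        now = self._clock()
        idle_for = now - session.last_seen
        age = now - session.created_at
        if idle_for > IDLE_TIMEOUT_SECONDS or age > ABSOLUTE_LIFETIME_SECONDS:
            # Expired: drop the record so the token can never be reused
            del self._sessions[token]
            return None
        session.last_seen = now
        return session.user_id

    def logout(self, token: str) -> None:
        self._sessions.pop(token, None)


class FakeClock:
    """Constructed clock so expiry logic can be exercised without waiting."""

    def __init__(self, start: float = 1_000_000.0):
        self.now = start

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


def demo():
    """Walk a constructed session through activity, idleness and expiry."""
    clock = FakeClock()
    store = SessionStore(clock)
    token = store.create("customer-42")
    results = []
    clock.advance(4 * 60)                 # 4 min idle: still valid, timer refreshed
    results.append(store.touch(token))
    clock.advance(4 * 60)                 # another 4 min: valid, touch() reset the timer
    results.append(store.touch(token))
    clock.advance(6 * 60)                 # 6 min idle: past the window, logged out
    results.append(store.touch(token))
    results.append(store.touch(token))    # token is gone for good
    return results                        # ["customer-42", "customer-42", None, None]


if __name__ == "__main__":
    print(demo())
```

The idle timer is reset only by `touch()`, which the application calls on authenticated requests, so a page sitting open on a kiosk does not count as activity. Expired records are deleted rather than just flagged, which is what makes a stale token useless to whoever picks up the terminal next.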

Your Employees Don’t Have Unique Login Information

To be PCI compliant, each of your employees needs their own unique login information for sensitive systems. That way, if there is an issue, you know which employee was responsible.