Why Your Business Should Be PCI Compliant
Is Your Retail POS Ready For The New EMV Compliance?
Starting October 1, 2015, any Retail Merchant that accepts credit cards and is not ready for the new EMV-type credit cards will be fully liable in case of a credit card breach.
In the past, the credit card company took responsibility for the breach if cards were swiped at a merchant's location. Now, if the business is not EMV compliant by October 1, 2015, the merchant will be completely responsible for all liability involved. All systems that we sell from this point forward are already EMV certified, so you will not have any issues with our systems.
Robert Cohen, a POS Consultant at Southernmost POS Systems & Consulting LLC, knows security is an important issue for you and your customers. A breach can cost you and your company not only millions of dollars but also peace of mind. This doesn't even count the hidden costs such as loss or damage to your brand. We understand these fears and are committed to delivering the most secure payment processing services to you.
For the last seven years, we have followed the Payment Card Industry Data Security Standards (PCI DSS) and Card-holder Information Security Program (CISP) guidelines to help our merchants continue to grow, succeed and preserve their image as a trusted vendor. The PCI DSS is a security requirement designed to help organizations protect customer account data on a global basis.
In reality, unfortunately, no one is safe from a data breach. In fact, according to the Identity Theft Resource Center, the number of data breaches rose nearly 50% in 2008. By following the PCI DSS procedures, you and your business will be better prepared to secure your customers' personal data, thereby increasing customer confidence, protecting your business from financial losses and remediation costs, and preserving the reputation of your brand.
These standards for security management, policies, procedures, network architecture, software design and other protective measures are summarized below. These regulations apply to all merchants that accept, transmit or store any card-holder data, regardless of size, wealth, or number of transactions.
- Build and Maintain a Secure Network
  - Install and maintain a firewall configuration to protect data
  - Do not use vendor-supplied defaults for system passwords and other security parameters
- Protect Card-holder Data
  - Protect stored data
  - Encrypt transmission of card-holder data and sensitive information across public networks
- Maintain a Vulnerability Management Program
  - Use and regularly update anti-virus software
  - Develop and maintain secure systems and applications
- Implement Strong Access Control Measures
  - Restrict access to data by business need-to-know
  - Assign a unique ID to each person with computer access
  - Restrict physical access to card-holder data
- Regularly Monitor and Test Networks
  - Track and monitor all access to network resources and card-holder data
  - Regularly test security systems and processes
- Maintain an Information Security Policy
  - Maintain a policy that addresses information security
Under PCI, merchants fall into one of four levels based on VISA or MasterCard transaction volume over a 12-month period. Transaction volume is based on the aggregate number of VISA or MasterCard transactions (inclusive of credit, debit and prepaid) from a merchant Doing Business As (“DBA”).
To ensure that all credit card information is maintained in a secure environment, our Data Breach Security Program is PCI DSS compliant. You can always be assured our Merchant Services are PCI compliant by visiting Visa's website at www.visa.com/cisp.
This breach security program, which is offered on several of our products and services, covers a mandatory forensic audit required by the Payment Card Industry Data Security Standard (PCI DSS), card replacement costs and related expenses, and PCI DSS assessments and fines levied from such a breach, regardless of your business's size.
Adopting PCI DSS may have additional costs associated with it (Annual PCI Compliance Fees - approximately $99 a year), but the expenses are even greater if you choose not to abide by these guidelines. The cost of a data breach for a Level 4 merchant averages $36,000 - in other words, more than enough to destroy a small business.
Data breaches can happen to any business, regardless of size. As a TransFirst, 1st Data, Mercury and Sterling ISO, we are here to help and arm you with the most cost-effective tools, knowledge and support to ensure that your customers’ data is protected.