A Guide on PCI Compliance: It Doesn't Have to be Complicated!

Posted by Joe Musitano on May 27, 2015 4:47:10 PM

Wow, it seems like everything’s changing so fast with payment processing. First, Apple Pay is becoming a strong market player. Then the EMV chargeback liability shift arrives this fall.

Just one of those is enough to handle. So let’s throw PCI compliance right on top of that! Don’t worry – we’ve got your back. With Solupay's dedicated relationship managers, and our approach of treating PCI compliance as something we handle for our clients rather than as a revenue opportunity, we have made it a breeze.


We have compiled this brief guide to PCI Compliance for merchants to provide further peace of mind. Take a look at what to do:

1. Know What Data’s Sensitive, Its Location, And Who’s Responsible for Protection

You need to know the entire data path: what happens to your customers’ credit card data from the minute it enters your systems? A simple approach is to assign specific people at your organization responsibility for protecting that data at each point along the path. All you need is a spreadsheet. Review it quarterly if you can, and at least semi-annually.

2. Don’t Store Sensitive Data Unless You Have To

The more of this security risk you can shift to other entities, the better, but then you have to make sure they take responsibility for protecting your customers’ data. If you absolutely must keep card data on file for repeat customers, use tokenization: store a token that stands in for the card number, so the number itself never sits in your systems.
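To make the tokenization point concrete, here is an added illustration (not Solupay's code or any processor's API). It models a processor-side vault that hands out random tokens, a merchant record that keeps only the token and a masked display form, and a check that scans stored records for anything that still looks like a card number. The card number used is the well-known Visa test number, and the `tok_` prefix, the `TokenVault` class and the record layout are all assumptions for the example.

```python
import hashlib
import hmac
import re
import secrets


def luhn_valid(pan: str) -> bool:
    """True if the digit string passes the Luhn checksum (catches typos, not fraud)."""
    if not pan.isdigit() or len(pan) < 12:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep the first six and last four digits, the usual display form on receipts."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


class TokenVault:
    """Stand-in for the vault a processor runs. The merchant never hosts this."""

    def __init__(self) -> None:
        self._index_key = secrets.token_bytes(32)  # keys the PAN lookup index
        self._pan_by_token: dict[str, str] = {}    # the only place a PAN lives
        self._token_by_index: dict[str, str] = {}  # HMAC(PAN) -> token

    def tokenize(self, pan: str) -> dict:
        if not luhn_valid(pan):
            raise ValueError("not a well-formed card number")
        # A keyed hash lets a repeat customer map to the same token without
        # storing a plain hash of the PAN, which would be brute-forceable.
        index = hmac.new(self._index_key, pan.encode(), hashlib.sha256).hexdigest()
        token = self._token_by_index.get(index)
        if token is None:
            # Random token: nothing about the card number can be derived from it.
            token = "tok_" + secrets.token_urlsafe(18)
            self._token_by_index[index] = token
            self._pan_by_token[token] = pan
        return {"token": token, "last4": pan[-4:], "masked": mask_pan(pan)}

    def detokenize(self, token: str) -> str:
        """Only the vault can turn a token back into a card number."""
        return self._pan_by_token[token]


def merchant_record(customer_id: str, tokenized: dict) -> dict:
    """What the merchant's own database keeps: token and display form, no PAN."""
    return {
        "customer_id": customer_id,
        "card_token": tokenized["token"],
        "card_display": tokenized["masked"],
    }


def record_is_pan_free(record: dict) -> bool:
    """Scan a stored record for any 12-19 digit run that passes Luhn."""
    for value in record.values():
        for run in re.findall(r"\d{12,19}", str(value)):
            if luhn_valid(run):
                return False
    return True


if __name__ == "__main__":
    vault = TokenVault()
    # Constructed input: the well-known Visa test number, not a real card.
    tokenized = vault.tokenize("4111111111111111")
    record = merchant_record("cust-42", tokenized)
    print(record, record_is_pan_free(record))
```

The design choice worth noticing is that the token is random rather than an encryption or hash of the card number: if the merchant database leaks, the tokens are useless without the vault, and the `record_is_pan_free` scan is the kind of check worth running over exports and logs so a card number does not creep back in through a free-text field.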

3. Use Multiple Layers of Protection

Face the truth: determined hackers, with enough time, can break through any single layer of security. One of the most common firewall mistakes is not addressing how you handle outbound data. Can you imagine a superhighway with absolutely no police on it – and everyone driving knows it? The same chaos ensues when you have no outbound data rules: whoever does get inside can send your data out unchallenged.
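As an added example of what "outbound data rules" mean in practice (this is illustration code, not anything from Solupay or the original post), the block below encodes a default-deny egress policy for the hosts that touch card data, runs it over a few constructed firewall log lines to show which connections a permissive firewall let through that the policy would have blocked, and renders the same policy as host firewall rules. The addresses, the log format and the allowlist entries are all placeholders; the public addresses come from the RFC 5737 documentation ranges.

```python
import ipaddress
import re

# Constructed allowlist for hosts in the cardholder data environment (CDE).
# Public addresses are from the RFC 5737 documentation ranges; every entry is a placeholder.
EGRESS_ALLOW = [
    # (destination network, protocol, destination port, purpose)
    (ipaddress.ip_network("203.0.113.0/24"), "tcp", 443, "payment gateway"),
    (ipaddress.ip_network("10.1.0.53/32"), "udp", 53, "internal DNS resolver"),
    (ipaddress.ip_network("10.1.0.123/32"), "udp", 123, "internal NTP"),
]

# Constructed log format; real firewalls differ, so adjust the pattern.
LOG_RE = re.compile(
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) proto=(?P<proto>\w+) dport=(?P<dport>\d+)"
)


def egress_allowed(dst: str, proto: str, dport: int) -> bool:
    """Default deny: a connection is allowed only if some allowlist entry matches."""
    addr = ipaddress.ip_address(dst)
    return any(addr in net and proto == p and dport == port
               for net, p, port, _purpose in EGRESS_ALLOW)


def audit_egress(log_lines):
    """Return the outbound connections in the log that the policy would not permit."""
    violations = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue  # unparsable line; a real audit would count these too
        dport = int(m["dport"])
        if not egress_allowed(m["dst"], m["proto"], dport):
            violations.append({"src": m["src"], "dst": m["dst"],
                               "proto": m["proto"], "dport": dport})
    return violations


def render_iptables() -> list:
    """Express the same policy as host firewall rules for the OUTPUT chain."""
    rules = [
        "iptables -P OUTPUT DROP",
        "iptables -A OUTPUT -o lo -j ACCEPT",
        # replies to connections that were allowed inbound (e.g. admin SSH)
        "iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    ]
    for net, proto, port, purpose in EGRESS_ALLOW:
        rules.append(
            f"iptables -A OUTPUT -p {proto} -d {net} --dport {port} -j ACCEPT  # {purpose}"
        )
    return rules


# Constructed sample: two POS hosts in the CDE, one of them talking to places it should not.
# Every line says action=allow because the existing firewall had no outbound rules.
SAMPLE_LOG = [
    "2015-05-27T10:00:01 src=10.1.1.10 dst=203.0.113.5 proto=tcp dport=443 action=allow",
    "2015-05-27T10:00:02 src=10.1.1.10 dst=10.1.0.53 proto=udp dport=53 action=allow",
    "2015-05-27T10:00:03 src=10.1.1.11 dst=198.51.100.7 proto=tcp dport=443 action=allow",
    "2015-05-27T10:00:04 src=10.1.1.11 dst=192.0.2.9 proto=tcp dport=21 action=allow",
    "2015-05-27T10:00:05 src=10.1.1.10 dst=10.1.0.123 proto=udp dport=123 action=allow",
]

if __name__ == "__main__":
    for v in audit_egress(SAMPLE_LOG):
        print("would be blocked:", v)
    print("\n".join(render_iptables()))
```

Run against the sample, the audit flags the two connections from the second POS host (an unknown HTTPS destination and an FTP session), which is exactly the traffic a default-deny outbound chain exists to stop; the rendered rules are the point at which the spreadsheet from step 1 turns into enforcement.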

4. Address One of the Weakest Security Links in Any Chain – Humans

We’re not bashing people here, just acknowledging how the world works. Your employees should know the procedures for protecting sensitive information inside and out, and you should review those procedures annually. You might even create a rewards system for employees who make the fewest mistakes.

5. Require Your Providers to Verify Their PCI Compliance

Did you know that more than half of all small businesses don’t require PCI compliance from their service providers? That can come back to bite you, because it’s up to you who you choose to work with, and if something goes wrong, your customers hold you responsible. Blaming the service provider only makes you look worse. You’ll have to repair your customer relationships; you may even have to buy your customers a subscription to an identity protection service.

Create your set of standards and ask your providers to meet them. If they can’t or won’t, let them know you have to go with someone who does.

Follow Those Best Practices & Stay Secure This Year!

If you follow these simple steps, you’ll keep your customers’ sensitive information safe. Meanwhile, some of your competitors will surely get burned, and that’s your opportunity to get ahead. Work with Solupay to ensure success.
