Fraud Prevention Month – PCI Compliance
Every year in March we take the opportunity to remind you of some of the risks associated with processing electronic payments. PCI Compliance is an important topic that often doesn’t get the attention it deserves. Data breaches are real, and they are capable of forcing companies out of business. Let’s answer a few important questions on PCI Compliance.
Why do I have to maintain PCI Compliance at my business at all times?
Your patrons’ trust is one of the most valuable assets your business has. Stolen personal data can destroy that trust and the good relationship that you have built with your clients over the years. A data breach can seriously damage your brand reputation, and there is a high cost associated with a breach: lost customers, legal fees, and a damaged brand reputation, plus hours of your valuable time spent taking care of issues unrelated to your day-to-day operations. Maintaining PCI Compliance will help to reduce the risk of data exposure and help to avoid costly fines.
What is included in becoming PCI Compliant?
In order to become PCI compliant, you need to complete a Self-Assessment Questionnaire (SAQ) and a PCI Security scan.
What is a Self-Assessment Questionnaire (SAQ)?
The SAQ is a list of questions designed to help your business create proper processes and procedures to keep your customers’ data safe. Working through the questions helps you understand correct PCI processes on an intuitive level. Each question provides clarification and guidance and helps create internal processes and correct practices for your business.
What does a PCI Compliance scan include?
The compliance scan includes internal and external vulnerability scans via our Approved Scanning Vendor (ASV). Both scans must be performed on a regular basis to make sure the security systems are up to date. A vulnerability scanner is a program designed to discover the weak points in your networks, assess your setup and find areas that need improvement. The scanner identifies the points where the network is open to compromise by checking the ports, devices that might connect remotely, security cameras, and the actual website itself. An external vulnerability scan looks for holes in your network firewall(s), where malicious outsiders can break in and attack your network.
We invite you to watch a few educational videos to get a better understanding of the PCI Compliance processes.
Importance of PCI Compliance for Your Business
Data breaches can happen to anyone, whether your business is big or small. Learn about how PCI Compliance can help protect your business.
The Importance of Performing a Vulnerability Scan on a Regular Basis
Get a better understanding of why your business needs to perform a vulnerability scan on a regular basis.
If your business uses an IP connection, you should perform a vulnerability scan at least every 3 months. Fines for non-compliance can run anywhere from 5k – 100k, depending on the level of data exposure. It’s much easier (and cheaper) to take actions such as a regular vulnerability scan than to have to deal with the aftermath of a data breach.
PCI Compliance Self-Assessment Questionnaire
Data security plays a very important role in protecting your information and that of your customers. Stolen personal data can destroy trust and can be quite damaging to the relationship you have built with your clients.
Preventing a data breach from happening is less costly than dealing with the aftermath. That’s where the PCI Compliance Self-Assessment Questionnaire comes into play.
The questions are designed to help you create proper processes and procedures to help keep your clients’ sensitive data safe.