
Make Sure Your Credit Card Transactions are Secure

We’ve all heard of the data breaches at Equifax and Target, where millions of records were compromised by hackers. Statistics indicate that cardholder data breaches are on the rise, and criminals are increasingly targeting small and medium-sized businesses to obtain cardholder information. As a result, business data security is now a necessary focus for all organizations dealing with cardholder data.

Payment Card Industry Data Security Standard (PCI DSS)

To help protect consumers’ credit/debit card data, the payment card industry now requires any merchant that processes, transmits, or stores customers’ cardholder data to achieve PCI compliance. The Payment Card Industry Data Security Standard (PCI DSS) comprises 12 high-level requirements:

  1. Install and maintain a firewall configuration to protect cardholder data.
  2. Do not use vendor-supplied defaults for system passwords and other security parameters.
  3. Protect stored cardholder data.
  4. Encrypt transmission of cardholder data across open, public networks.
  5. Use and regularly update antivirus software.
  6. Develop and maintain secure systems and applications.
  7. Restrict access to cardholder data by business need-to-know.
  8. Assign a unique ID to each person with computer access.
  9. Restrict physical access to cardholder data.
  10. Track and monitor all access to network resources and cardholder data.
  11. Regularly test security systems and processes.
  12. Maintain a policy that addresses information security.

PCI DSS applies to companies of any size that accept credit card payments. If your company accepts card payments and then stores, processes, and transmits cardholder data, you need to host your data securely with a PCI-compliant hosting provider.

Failure to meet the 12 PCI DSS requirements may result in fines or termination of credit card processing privileges. Additional costs can include:

  • Notification, card reissuance, and credit monitoring costs for affected parties
  • Forensic investigation and remediation costs
  • Increased rates charged by banks and/or processors

Find a Partner for Your Business Data Security

Engaging a company like Abstract Technology Group that understands the technical requirements of the PCI DSS can simplify the process and help your organization adopt these practices to achieve compliance.
