The Payment Card Industry Data Security Standard (PCI DSS) is a security standard developed by the major credit card companies to help businesses that process credit cards prevent card fraud by closing security gaps that would otherwise exist. All companies that store, transmit, or process credit card data must be PCI DSS compliant in order to process these transactions. If they are not, they can lose their ability to accept credit cards.
If you are not sure how these measures protect your credit card transactions, below are the requirements that must be met in order to keep these transactions secure:
• Do not use the default passwords or other default security settings supplied by the card terminal vendor. They are usually the same on every unit and leave the system vulnerable.
• Install and maintain a firewall to keep intruders out.
• If cardholder data must be transmitted over open, public networks, it must be encrypted.
• Restrict access to cardholder data to those with a business need to know.
• Physical access to cardholder data should be restricted.
• Each person with computer access, and therefore potentially access to credit card numbers, should be assigned a unique username and password. This is so that any access to data can be traced back to the person who performed it.
• All access to network resources should be monitored, as well as access to cardholder data.
• The system should be tested on a regular basis, and so should all of the processes around it.
• Maintain an information security policy, enforce compliance with it, and discipline any deviation from it.
There are also certain pieces of information on a person's credit card that can and cannot be stored. The pieces of information that can be stored are the card number, the cardholder's name, the expiration date, and the service code. Pieces of information that cannot be stored are the magnetic stripe data, the PIN, and the CVV code on the back of the card. PCI DSS requires that information that is permitted to be stored is stored in a secure manner. Auditors will check for compliance in all of these areas. If the business is found to be in violation in any way, it could risk losing its privilege of taking credit cards or could face a heavy fine.
A worse scenario is a business that is found to be in violation of PCI DSS requirements at the time cardholder information is stolen. The business is liable for ensuring that customer information is not compromised and for taking appropriate measures if it is.
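As an added example (not part of the original article), the following Python code applies the storage rules just described to a card record captured at authorisation: it keeps only the permitted fields, discards magnetic stripe data, PIN and CVV, and stores the card number only in masked and keyed-hash form. The field names and the sample record are constructed for this illustration.

```python
import hashlib
import hmac

# Data elements a merchant may retain after authorisation (the PAN only in protected form).
PERMITTED_FIELDS = {"pan", "cardholder_name", "expiry", "service_code"}
# Sensitive authentication data that must never be stored once the transaction is authorised.
FORBIDDEN_FIELDS = {"track_data", "pin", "cvv"}


def pan_digits(pan: str) -> str:
    """Strip separators and check the PAN is a plausible 13-19 digit card number."""
    digits = "".join(ch for ch in pan if ch.isdigit())
    if not 13 <= len(digits) <= 19:
        raise ValueError("PAN length out of range")
    return digits


def mask_pan(pan: str) -> str:
    """Display form: PCI DSS permits at most the first 6 and last 4 digits to be shown."""
    digits = pan_digits(pan)
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def hash_pan(pan: str, key: bytes) -> str:
    """Keyed hash for matching a card on later transactions (e.g. refunds) without
    storing the clear PAN. A plain hash would be brute-forceable over the small PAN
    space, so a secret key (its management is out of scope here) is required."""
    return hmac.new(key, pan_digits(pan).encode(), hashlib.sha256).hexdigest()


def sanitize_for_storage(record: dict, key: bytes) -> tuple:
    """Return (storable record, names of forbidden fields that were dropped).

    Only permitted fields survive; the PAN is replaced by its masked and keyed-hash
    forms; track data, PIN and CVV (and any unknown field) are discarded."""
    dropped = sorted(FORBIDDEN_FIELDS & record.keys())
    stored = {k: v for k, v in record.items() if k in PERMITTED_FIELDS - {"pan"}}
    stored["pan_masked"] = mask_pan(record["pan"])
    stored["pan_hmac"] = hash_pan(record["pan"], key)
    return stored, dropped


if __name__ == "__main__":
    # Constructed sample of what a terminal might hand over, including data that must not be kept.
    captured = {
        "pan": "4111 1111 1111 1111", "cardholder_name": "J. Doe", "expiry": "12/27",
        "service_code": "201", "track_data": "%B4111...^DOE/J^...?", "pin": "1234", "cvv": "123",
    }
    print(sanitize_for_storage(captured, key=b"example-key-not-for-production"))
```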
Even if you are a hosting provider, you have responsibilities, such as making sure the connection is secure when credit cards are accepted. PCI DSS requirements do not apply only to in-store environments. It is true that it is impossible to verify that the person using the card is indeed its legitimate holder, but what is possible is to make sure that card information is protected so that outside parties do not access it. The internet is crawling with hackers and others looking for insecure connections. Abiding by PCI DSS regulations makes it less likely that such a breach will occur.
So now you can see how PCI DSS protects your credit card transactions. It is very unlikely that information is stolen when PCI DSS is followed closely. As long as it is followed, you have no security breaches to worry about and no bad audits that could result in trouble for your business.