\u00a0<\/p>\n
It\u2019s not just good business practice; it\u2019s the law. And complying with this legal requirement can be a complicated and stress-laden affair \u2013 if you let it.<\/span><\/p>\n \u00a0<\/p>\n Don\u2019t. This guide should help.<\/span><\/p>\n \u00a0<\/span>By law, the Payment Card Industry or PCI imposes Data Security Standards \u00a0<\/p>\n All businesses conducting 6 million or more credit card transactions a year are classified as Level 1 \u00a0<\/p>\n Organisations processing less than a million credit card transactions yearly are classified as Level 4, which includes the majority of small businesses. For them, a PCI audit is typically called for once a breach of customer credit card data has already occurred. So they\u2019ll have to contend with both the hassle of preparing for and passing the audit, and the stress and consequences of their data having been breached. \u00a0<\/span>A PCI compliance audit is essentially an examination of your Point of Sale (PoS) system, which assesses the configuration of your systems, potential vulnerabilities, and recommended steps for ensuring that your customer data remains secure.<\/span><\/p>\n \u00a0<\/p>\n A PCI-approved qualified security assessor (QSA) performs the audit, beginning with a study of the policies, procedures, network and system configuration of your security set-up. A risk assessment is drawn up by the QSA, which is your road-map for improving your network security infrastructure.<\/span><\/p>\n \u00a0<\/p>\n The QSA will initiate a training programme for your staff, with an emphasis on security awareness and the information and skills required for meeting existing PCI regulations and standards.<\/span><\/p>\n \u00a0<\/p>\n A review of the risk assessment will empower the QSA to suggest priority areas of potential vulnerability which have to be looked at, and if these can be readily met, may actually reduce the scale of the total audit. If there are many issues arising, the QSA may be required to manage the implementation of remedial measures. Otherwise, the official may simply take on the role of consultant.<\/span><\/p>\n \u00a0<\/span>To meet PCI compliance standards, it\u2019s necessary to maintain a strong firewall between the domain holding your customers\u2019 credit card data, and your own wireless network. The PCI standards on this are high, and continue to change as the techniques used by hackers are evolving. <\/span><\/p>\n \u00a0<\/p>\n If your system doesn\u2019t meet the compliance standards and a credit card data breach occurs, your organisation may become liable to fines and legal penalties \u00a0<\/p>\n On top of this, you\u2019ll have the extreme loss in consumer confidence and loyalty to contend with. Years of good will built up with your customers can disappear after a single data breach \u2013 and restoring their confidence may take years more.<\/span><\/p>\n \u00a0<\/p>\n The best way to avoid this is to be prepared.<\/span><\/p>\n \u00a0<\/span>Before your audit, go over the PCI requirements, to know which policies and procedures have to be in place. Check the configuration of any new equipment or software installed since your last audit, to make sure that these comply.<\/span><\/p>\n \u00a0<\/p>\n Each quarter, an Approved Scanning Vendor or ASV is mandated to perform a check on all your outward-facing IPs, and it\u2019s important to pass these scans.<\/span><\/p>\n \u00a0<\/p>\n Depending on your circumstances and PCI Level, other periodic checks such as semi-annual reviews of rules set for your firewall and routers, and 90-days storage of security camera data and visitor logs may be required. Be aware of what\u2019s necessary, and take steps to meet the requirements in good time.<\/span><\/p>\n \u00a0<\/span>It\u2019s a legal process, so documentation is essential \u00a0<\/span>If a compliance issue is thrown up, think of it as an opportunity to improve your network security, rather than a calamity. Take the recommended steps to alleviate the situation, and your Report on Compliance should be a favourable one.<\/span><\/p>\n \u00a0<\/span>PCI compliance isn\u2019t a one-off deal. Hackers are continuously looking to gain access to credit card data, and the PCI standards will change over time, to counter this. So it\u2019s important to be aware of the shifting standards, and to react to them accordingly, to ensure your compliance in future.<\/span><\/p>\nPCI: Why?<\/span><\/h2>\n
![](\"https:\/\/www.poweradmin.com\/blog\/wp-content\/plugins\/external-links-nofollow-open-in-new-tab-favicon\/images\/extlink.png\")
<\/a>(PCI DSS) to ensure the privacy of credit card transactions.<\/span><\/p>\n<\/a>, and are required to submit to an annual audit conducted by a qualified PCI auditor. Note that it\u2019s the number of transactions per year, rather than their cash value that counts.<\/span><\/p>\n![\"PCI_breach\"](\"https:\/\/www.poweradmin.com\/blog\/wp-content\/uploads\/2016\/03\/pci_breach.png\")
<\/a><\/span><\/p>\nThe Audit Trail<\/span><\/h2>\n
If You Don\u2019t Comply?<\/span><\/h2>\n
![\"PCI_creditcard\"](\"https:\/\/www.poweradmin.com\/blog\/wp-content\/uploads\/2016\/03\/pci_creditcard.png\")
<\/a>imposed on behalf of the credit card companies and related financial institutions.<\/span><\/p>\nBe Aware of What\u2019s Required<\/span><\/h2>\n
Have Your Documents Ready<\/span><\/h2>\n
<\/a>. You can help yourself a lot, by having the required documents readily available and logically organised \u2013 together with any data samples or policies that the audit demands.<\/span><\/p>\nIssues? Don\u2019t Panic!<\/span><\/h2>\n
Think Long-Term<\/span><\/h2>\n
Some Best Practices
![\"PCI_data\"](\"https:\/\/www.poweradmin.com\/blog\/wp-content\/uploads\/2016\/03\/pci_data.png\")
<\/a><\/span><\/h2>\n