PCI DSS stands for ‘Payment Card Industry Data Security Standard’. It is a set of standards which help to ensure that anyone who takes, processes, stores or transmits card payments and card details does so in a secure manner.
In general, it covers such things as network security, device security, rules of handling and storage of data, software and application quality and security along with documentation for all systems associated with the processing of card payment and security.
PCI DSS applies to ANYONE who accepts, transmits or stores cardholder information, regardless of the company size or the volume of transactions they take.
There are a number of levels of PCI DSS depending on the volume of transactions you make in a year.
The first thing to say is: don’t panic. PCI DSS is a very daunting and, for small businesses, scary process, especially when you are confronted with questionnaires asking technical questions about your security that you know nothing about. You are not alone in this; every business we speak to has the same reaction.
“How am I supposed to answer questions I don’t even understand?”
At this point what often happens is that heads get buried in the sand and the problem gets ignored, which unfortunately leaves your business compromised to such an extent that a business-closing event could take place at any time.
Again, don’t panic, but also don’t ignore it.
We can help. We are well versed in PCI DSS compliance and in what is needed to achieve it, both technically and in terms of internal processes and documentation. We have many clients with whom we work on an ongoing basis to ensure they are fully compliant.
We can easily help with security audits, maintenance of routers, networks, Wi-Fi and servers, firewall setup and ensuring everything is locked down and secure. We can implement a plan for the rotation of passwords and IT security protocols.
We can ensure that all your hardware is compliant. For example, routers need to be of sufficient quality to allow firewalls to be configured so that they are fully secure, all known flaws in devices need to be patched and secured, and all default administration access needs to be disabled or otherwise secured.
We can conduct a full security audit of your systems, ensuring that all machines are fully supported and patched with the latest releases from Microsoft and others, and configure virus protection to be PCI DSS compliant and continually monitored.
We can provide you with documentation for your IT security which will address all the requirements for your level of PCI DSS, and continually monitor your systems to make sure they remain secure and compliant.