If you are the owner of an SMB/SME and want to get all you can out of your inventory, it is essential that you are able to receive payments from credit card users. To ensure that your business can receive these types of payments, you must validate your compliance with the Payment Card Industry Data Security Standard, or PCI DSS. The PCI DSS is designed to keep the credit card transactions your company processes free of fraud, forgery, and other common problems with this type of transaction. Auditors from authorized consultancies, called Qualified Security Assessors (QSAs), are the only people who can certify that a company is abiding by the PCI DSS. If your company processes over 80,000 credit card transactions per year, you must be audited by a QSA to maintain your PCI DSS compliance.
The PCI DSS was not always one unified standard. It used to consist of five separate programs: the Visa Card Information Security Program, the American Express Data Security Operating Policy, MasterCard Site Data Protection, Discover Information and Compliance, and the JCB Data Security Program. Each program was designed to secure customers’ data. In December of 2004, representatives from each company formed the Payment Card Industry Security Standards Council to unify their standards, creating the PCI DSS.
Although the PCI DSS is one of the most comprehensive and far-reaching sets of data security standards, Visa International announced a new set of mandates to help companies achieve what is known as Payment Application Best Practice (PABP) compliance. PABP compliance shows that a business has implemented the PCI DSS requirements in its vendor-supplied payment software. These new mandates must be fulfilled by 2010 for a company to achieve PABP compliance.
The most recent PCI DSS standard requires 12 measures of compliance grouped into six areas. The business must first build and maintain a secure network by installing a firewall to protect customer data and by changing the vendor default passwords on all administration and data management software. The company must protect cardholder data by securing the cardholder information it stores and by encrypting cardholder information whenever it travels over public or open networks. It must maintain a vulnerability management program by regularly running and updating anti-virus software and by developing and maintaining secure systems and software.
The company must also strictly control access to its information by granting passwords and confidential access only to those who need to know, assigning an individual logon to each computer user in the company, and limiting physical access to cardholder data. It must regularly monitor and test its networks by tracking and monitoring all access to data on the network and by regularly testing security systems and processes. Finally, the company must create and maintain an information security policy.
Payments are the lifeblood of a business, and it is important to be sure that your company meets the PCI DSS so that you can receive payments from every customer. For more information, please visit Visa’s merchant page.