The Payment Card Industry Data Security Standard (PCI DSS) is all about building and maintaining a secure environment for cardholder data, and it applies to any company that stores, processes, or transmits cardholder data or accepts card payments. It is enforced by the card brands through your acquiring bank rather than by law, but the controls it requires are the ones that stop breaches, and falling short can bring hefty fines on top of the cost of a breach. Every company is different, and we can’t provide a full guide to keeping your organization PCI compliant, but here are a few tips to help you stay secure:
- Establish a secure network and keep it that way: enforce strong password policies and access controls, change vendor-supplied defaults on firewalls and routers, watch for firewall updates, and test and apply them as quickly as possible.
- Protect cardholder data within your organization, both physically and on your network, and encrypt it whenever it travels across open, public networks. Know exactly what cardholder data you retain on your systems (the primary account number is what matters most, and the card security code must never be stored after authorization) and document how it flows through them.
- Reduce your exposure by keeping operating systems and applications patched and protected by anti-malware software that is itself kept current.
- Scan your environment for vulnerabilities on a regular basis, both internally and from the outside; PCI DSS expects these scans at least quarterly and after any significant change.
- Maintain a training curriculum, along with written policies and procedures, covering every aspect of security your staff touch. This includes, but is not limited to, social engineering, physical security, email phishing, and safe internet use.
- Control who can reach cardholder data by limiting both logical and physical access to people with a business need to know. Give every user a unique ID and never share accounts, so that every action can be traced back to one person.
- Log and monitor all access to cardholder data and the systems that hold it, and make sure your security controls actually work by testing them on a regular basis.
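As an added example (not part of the original article), here is a small Python script for the “know what cardholder data you retain” tip above. It sweeps text for card-number candidates, keeps only those that pass the Luhn checksum so that order numbers and timestamps are not flagged, and masks the hits to the first six and last four digits, which is the most PCI DSS allows to be displayed. The log lines in `SAMPLE` are constructed for the demo and use publicly known test card numbers; the function and constant names are my own.

```python
"""Added example (not from the original article): locate card numbers (PANs)
that may be lingering in files or logs, confirm them with the Luhn checksum,
and mask them to first six / last four digits. SAMPLE is constructed data."""
import re

# Candidate PAN: 13 to 19 digits, optionally separated by single spaces or
# dashes, not glued to other digits on either side.
PAN_CANDIDATE = re.compile(r"(?<![0-9])(?:[0-9][ -]?){12,18}[0-9](?![0-9])")

# Constructed sample log lines; the first three cards are public test numbers.
SAMPLE = """\
2024-03-02 10:15:22 order=88213 card=4111 1111 1111 1111 cust=alice
2024-03-02 10:16:05 order=88214 card=5555-5555-5555-4444 cust=bob
2024-03-02 10:17:41 order=88215 card=378282246310005 cust=carol
2024-03-02 10:18:03 ticket=1234567890123456 note=not a card number
"""


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn (mod 10) checksum."""
    if not digits.isdigit() or not 13 <= len(digits) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:           # 10..18 -> subtract 9 (same as summing digits)
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Mask a PAN to first six and last four digits, the most PCI DSS permits."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def _strip_separators(candidate: str) -> str:
    return re.sub(r"[ -]", "", candidate)


def find_pans(text: str) -> list:
    """Return de-duplicated, Luhn-valid PANs found in text, separators removed."""
    found = []
    for match in PAN_CANDIDATE.finditer(text):
        digits = _strip_separators(match.group(0))
        if luhn_valid(digits) and digits not in found:
            found.append(digits)
    return found


def redact(text: str) -> str:
    """Replace every Luhn-valid PAN in text with its masked form."""
    def _sub(match):
        digits = _strip_separators(match.group(0))
        return mask_pan(digits) if luhn_valid(digits) else match.group(0)
    return PAN_CANDIDATE.sub(_sub, text)


if __name__ == "__main__":
    for pan in find_pans(SAMPLE):
        print("found PAN:", mask_pan(pan))
    print(redact(SAMPLE))
```

Point `find_pans` at exported logs, database dumps, and shared drives; every hit is cardholder data you are retaining and need to either encrypt, truncate, or delete, and the location belongs in your data-flow documentation. The Luhn check only filters out obvious false positives, so treat a hit as something to verify, not as proof on its own.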