PCI as a Service (PCIaaS)

1. Install and maintain a firewall configuration to protect cardholder data
2. Do not use vendor-supplied defaults for system password and other security parameters
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks
5. Use and update anti-virus software or programs
6. Develop and maintain secure systems and apps
7. Restrict access to cardholder data by business “need to know”
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
12. Maintain a policy that addresses information security for all personnel

All businesses that access payment cards – Via, Mastercard, Discover, AMEX, JCB – are required by the card brands to comply with the security practices. There are penalties for non-compliance, such as fees and revocation of the merchant’s card processing ability. If there were a data breach, businesses found to be in violation of PCI DSS may be subject to fines and penalties. Even worse, if the business is found liable for a data breech, the associated costs can exceed $100,000.

PCI compliance can protect your business from hackers and data thieves, as well as limit your liability in the event of a data breach. As more businesses are turning to ecommerce, digital payment methods, cloud networking and cloud-based data storage, it creates more opportunities for cyber criminals to exploit vulnerabilities. Data breaches are becoming more frequent, according to a report in ComputerWeekly.com. A total of 878.17 million data records were compromised world-wide in January 2021 alone, more than the entire 12 months of 2017.

Payment card data can be stolen from an internet-connected business through theft of merchant receipt copies or transaction information, hacking of the point-of-sale system with Internet connections, and Internet hacking of ecommerce websites.