Part 2 - 12 Holiday PCI Compliance Tips, Questions and Advice and Security Best Practices to Get You Ready for the New Year
5. I heard that PCI DSS is too hard
Understanding and implementing the 12 requirements of PCI DSS can seem daunting, especially for merchants without a large security or IT department. However, the PCI DSS standard mostly calls for good, basic security practices. Even if there were no requirement for PCI compliance, the security best practices contained in the standard are steps that every business would want to take anyway to protect their customers’ sensitive data and the continuity of their operations. There are many products and services available to help meet the requirements for security and PCI DSS compliance.
When people say PCI DSS is too hard, in many cases the complaint is in fact about cost. However, the business risks and ultimate costs of non-compliance, including fines, legal fees, and especially lost business, can vastly outweigh any PCI DSS implementation costs. Implementing PCI DSS should be part of a sound, basic security strategy. This holiday season, ensure that your business meets the PCI DSS compliance standard by making the achievement of compliance part of your ongoing business plan and budget.
6. What are the penalties for noncompliance with the PCI requirements?
The payment brands may, at their discretion, fine an acquiring bank $5,000 to $100,000 per month for PCI compliance violations. This PCI compliance fine can then be passed on downstream until it eventually hits the merchant. The acquiring bank may then also either terminate the merchant relationship or increase transaction fees. Penalties are not openly discussed nor widely publicized, but they can be catastrophic, especially to a small business. This holiday season, make sure you are familiar with your merchant account agreement, which should outline your exposure.
7. If I’m running a business from my home, am I a serious target for hackers?
Yes, home users are arguably the most vulnerable, as they are usually not well protected. Adopting a 'path of least resistance' model, intruders will often zero in on home users and exploit their 'always on' broadband connections and typical home-use programs such as chat, Internet games and file-sharing applications. This holiday season, make sure you identify and fix any security vulnerabilities on your desktop or laptop computers.
8. What information should I routinely check to spot a fraudulent card?
- Check the Expiration Date: The card is valid through the last date of the month. Do not accept an expired card.
- Check the Valid Date: Some cards will have this feature, in which the card is not valid until the date shown. Do not accept an invalid card.
- Check the Four Digits: The first four digits of the embossed card number must match the four digits pre-printed above or below that number.