Is your website safe from hackers?
The odds are against you... Statistically there's a huge chance your site is currently vulnerable to hackers and malware! That's why merchant banks and credit card companies are pushing for PCI DSS compliance.
Why be PCI DSS Compliant?
To start you will have a safer website, and it will make your merchant bank happy, but what's more important is it could save you from losing your business should a breach ever occur.
Imagine Your Peace of Mind
Trust Guard's PCI DSS scan looks at over 75,467 known vulnerabilities or security holes (plus hundreds of new ones each month) helping to protect your site from Hackers. Imagine finally having a safe website and feeling the peace of mind this scanning will give you.
Tell the World!
Show your visitors that your website is safe with a Security Scanned Seal. This seal instantly builds visitor trust and confidence which increases sales!
When visitors feel safe, they are more likely to buy from you.
PCI DSS and PA DSS and How They Apply to You
What is PCI DSS Security?
PCI DSS stands for Payment Card Industry Data Security Standard. It is the collection of standards that merchants who accept credit cards must adhere to in order to ensure that the private information connected to the cards remains private. The current version that is available for the collection of standards is 3.0. All companies that are still adhering to the 2.0 standards much switch to 3.0 by December 31 2014.
What is Included in the PCI DSS Security System?
There are several different categories of guidelines that govern how secure different aspects of the card acceptance system need to be. The first category regards building and maintaining a secure network that will be able to accept cards without divulging the private financial information to those with nefarious purposes. In order for all of the requirements to be met, a retailer needs to install a strong firewall to keep out intruders and change all of the passwords from the default passwords that are supplied from the vendor.
A second category is that of the protection of cardholder data. To meet these requirements, all of the stored data needs to be protected and any data that needs to be transferred has to be appropriately encrypted to make it harder to access. The third category is minimizing vulnerabilities, which involves the regular usage of virus or vulnerability scans and developing methods to make systems secure, updating them annually. Another category is implementing strong access control, which is when all data is restricted to only those who need to know, giving each person who is able to access the data an individual ID number, and greatly limiting the number of people able to access any physical copies of the data.
The last two categories are the monitoring and testing of networks and having an information security policy. Monitoring and testing the networks involves tracking any access to the data belonging to cardholders, as well as running regular tests. An information security policy is essentially a policy that determines which employees will have access to the information, allowing security to be maintained throughout the company.
Does a Retailer Use PCI DSS Version 2.0 or 3.0?
Level 2 merchants who are waiting to become PCI compliant might be wondering which version is valid. The good news is that version 2.0 is valid until December 2014. While PCI compliance does take a few months it’s plenty of time to become compliant. The 3.0 version required after December 2014 is going to be more difficult with 100 additional controls and more evidentiary support requirements. Nine months is more than enough time to go from gap analysis to PCI Compliance, finish up PCI DSS 2.0 and get the ROC completed.
Contacting an established security provider as soon as possible would be wise. Level 2 merchants who are now being targeted by banks to prove their compliance. Chase has recently sent out letters informing all of their merchants to become compliant ASAP. Visa, Master Card, and American Express are also sending letters directly to merchants asking for proof of PCI Compliance. Merchants are busy, PCI compliance is difficult, so it’s no wonder merchants have put off compliance for so long but it’s no longer an option to wait. The time to act is now.
How To Switch To Version 3.0?
The easiest way to do this is to follow the step by step guide provided by the PCI Council, which provides milestones that need to be met. Using advisory services, such as those provided by Trust Guard, will help ensure that all of the guidelines are met by client companies within the nine months that are allowed. This tends to be one of the simplest options that will allow companies to feel secure that all restrictions are met.
Why is PCI Compliance Important?
It is important to be PCI compliant because following the guidelines is the most proven way to ensure that all customer information remains secure. This is critical because it allows the brand to remain intact and for costly breaches to be avoided. A security breach has meant bankruptcy for many businesses both big and small.
What are the Penalties for Not Being PCI Compliant?
Each company that provides cards, such as VISA and MasterCard, are able to set their own fines. This will usually include an exorbitant sum of money to cover the inconvenience of a theft of data, as well as the cost of sending out new cards, forensic audits, and damage to the brand, which will decrease the number of customers willing to shop at a store. If a merchant has met PCI compliance standards, all of this can be avoided.