PCI Compliance

If you are taking credit cards for your business, then you need to take a look at PCI compliance.  There are many facets to being PCI compliant.

In addition to the basics of:

  • your point-of-sale or order system handling credit card information in a compliant way,
  • and all transmissions to and from the processing center being encrypted,

your system as a whole needs to be checked.

There are several companies that will perform a "PCI scan" of your system.  Usually, such a scan turns up findings such as web server or mail server software that needs to be updated.  Even if you have the latest software, your configuration may need to be tightened.

There may be a large amount of tuning and updating needed to get your systems compliant.  However, if there is a data breach in any way associated with your sites, the first thing the credit card companies check is the last PCI scan before the breach occurred.  If it shows any non-compliance, there is an increased possibility that you will get the blame, and potentially have to assume some of the cost.

It is much better to have the scans done, monitor them, and take the steps necessary to bring your systems into compliance.  

While the initial reports may look daunting, with dozens of "failed" notices (which is not uncommon), in reality it usually is not that bad.  One outdated package, such as a web server that is a couple of patches behind, can generate many fails.  By updating your web server, you may easily take care of a dozen or more fails at once.  So, even a large list of issues to address can usually be quickly pared down to a few.

For help bringing your system into PCI compliance and minimizing your exposure to lawsuits to recover losses, contact us at CCS Retail Systems.