5 Tips to Help Protect Payment Card Data
An increasing number of small businesses are shifting away from running brick-and-mortar locations and have been dabbling with accepting over-the-phone and e-Commerce payments. Keeping their customers' payment data secure in this rapidly changing environment has its challenges and learning opportunities.
The Payment Card Industry (PCI) has developed security requirements for handling cardholder information, published as the PCI Data Security Standard (DSS). The security requirements defined in the DSS apply to all members, merchants, and service providers that store, process or transmit cardholder data.
What does all of this mean to the average retailer that is accepting credit card payments?
PCI compliance may seem like a hassle and a distraction from running your business; however, maintaining full compliance will shield you and your customers from a potential data breach. Also, some pretty hefty fines for non-compliance could be passed on to you from your merchant, so it's best to keep up-to-date.
Here are some tips for small and medium businesses:
Reduce Where Payment Card Data Can Be Found
The best way to protect against data breaches is to not store card data at all. Many small merchants are offering curbside pickup now and are accepting telephone payments in lieu of former face-to-face transactions. Avoid writing payment card details down and instead enter them directly into your secure terminal.
Use Strong Passwords
The use of weak and default passwords is one of the leading causes of payment data breaches for businesses. To be effective, passwords must be strong and updated regularly. Take a look at this quick video on how to create a strong, easy-to-remember password in less than a minute.
Keep Software Up-to-Date
Criminals look for outdated software so they can exploit flaws in unpatched systems. Timely installation of security patches is crucial to minimize the risk of being breached. One way to keep up with all the necessary changes is by ensuring you are applying operating system updates and checking for updates for other installed applications. At the time of writing, Windward System Five's current versions are 6.2.4.x and 6.4.7.x.
Think Before You Click
Hackers use phishing and other social engineering methods to target organizations with legitimate-looking emails and social media messages that trick users into providing confidential data, such as a payment card number, merchant account number or password. Small merchants should be extra vigilant and be on the lookout for common phishing and social engineering hacks. Emails from Windward Software will be delivered from the @windwardsoftware.com domain.
Choose Trusted Partners
It’s critical you know who your service providers are and what security questions to ask them. Is your service provider adhering to PCI DSS requirements? Windward Software Systems, Inc. is validated according to PA-DSS v3.2 and has continued to maintain PCI certification throughout the years. It's also worth noting that our cloud solution handles payments in such a way that your customer's credit card number never actually touches our platform, which lowers your risk while you remain integrated.
Need some help completing your PCI Compliance Checklist?
Existing clients have resources available.
The Windward Webinar Series will cover "How to complete PCI Compliance Checklist" next. This webinar will discuss what Payment Card Industry (PCI) Compliance means, how PCI and System Five are connected, and how to complete your PCI Compliance Checklist. There will be a live demonstration, and a quick Q&A will follow at the end of the presentation.