accesso Blog Series: Protecting Guest Payment Cards and PCI Compliance.
Have you ever experienced credit or debit card theft? If so, you know the complicated series of emotions that follow: concern, fear, anger and inevitably a lot of frustration as you deal with closing your card and opening a new one. It can be exhausting, and when it’s all said and done, not an experience that you want to repeat. Sometimes it’s tempting to play detective and figure out where the theft occurred in the first place. When a store has lost your trust in this way, do you think you would be inclined to return?
Payment data security is the cornerstone of trust between merchants and customers, and once this trust is breached it is hard to win back. Cardholder data is valuable to thieves, who resell it or use it directly for fraudulent purchases. We often think only about the immediate damage, but victims of card fraud may not notice the theft until long after it happens, and once their personal information is compromised they can face years of cleanup with their bank and the credit reporting agencies. Customers want to be confident that their data is secure, so merchants must be diligent in processing payment card transactions securely and in compliance with the industry standard.
Whether you are a ski resort, museum or zoo, it’s important to remember that if you accept card payments from guests, you are also a merchant, which means the duty to protect that information falls on you! This can seem like a daunting task, especially if you operate multiple point-of-sale (POS) terminals, but luckily there is an industry standard designed to help. Meeting that standard is what people mean when they say a merchant is PCI (“payment card industry”) compliant.
If you’re not familiar with PCI compliance, here is a quick overview. The PCI Data Security Standard (PCI DSS) is a set of twelve requirements covering how cardholder data must be protected wherever it is stored, processed or transmitted: securing the network, protecting stored cardholder data, keeping systems patched and free of malware, restricting and authenticating access, monitoring and testing the environment, and maintaining a written information security policy. It also spells out what may never be stored after a transaction is authorized, such as the card verification code and full magnetic-stripe data. The standard is developed by the PCI Security Standards Council, a global organization founded by the major card brands, which also maintains companion standards that payment software vendors use to build secure applications. Merchants use PCI DSS to guide their day-to-day operations.
It’s important to give your guests the confidence to spend freely at your location, from the admissions window all the way to the gift shop, but did you also know that following PCI security standards helps you avoid several serious liabilities? These include:
- Costs to reissue payment cards
- Legal fees
- Fraud losses
- Higher compliance costs
- Non-compliance fines and penalties
- Termination of ability to accept payment cards
What can we do to achieve and maintain PCI compliance? The biggest responsibility of merchants is to provide a secure environment. There are several operational steps you can take to fulfill this goal, and you may already have some of them in place. First, make sure that your systems run current anti-malware software and receive security patches promptly. Any system that touches cardholder data, whether it’s an employee computer or a point-of-sale (POS) terminal, should be included. Secondly, when you set up your POS terminals, change every vendor-default password, give each user an individual login rather than a shared one (so that activity can be traced to a person), and limit access to the staff who actually need it. The PCI Security Standards Council also expects organizations to maintain an information security policy document that makes your goals and procedures transparent and holds everyone accountable.
You can also support PCI compliance by working with software providers whose payment applications handle card processing and authorization securely. If you rely on a POS environment to sell to customers, make sure that all of your POS terminals sit on a secure, segmented network rather than on the same network as guest Wi-Fi or office workstations. Did you know that there are systems available that manage card-processing hardware and software together in one secure network? As an added bonus, these systems can eliminate the need for manual payment reconciliation, saving you time and preserving accuracy. Look for a provider that lets you place security and access controls around stored data, that stores card numbers only in encrypted, truncated or tokenized form, and that never retains the card verification code or magnetic-stripe data after authorization. If you aren’t sure whether your current provider offers these security features, just ask!
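To make the "stored data" point concrete, here is an added example, written for this article and not code from accesso or any of its products, of how a payment application might prepare a card record for storage in line with PCI DSS Requirement 3: keep only a masked PAN (first six and last four digits) for display, replace the full number with a keyed hash so it can still be matched during reconciliation, drop the card verification code entirely, and scan log lines for unmasked card numbers that should not be there. The record layout, the key and the sample card number (the well-known Visa test number) are constructed for illustration.

```python
"""Added example (not accesso's code): preparing a card record for storage in
the spirit of PCI DSS Requirement 3 -- render stored PANs unreadable, mask PANs
when displayed, and never store sensitive authentication data (CVV, track
data) after authorization. Standard library only.
"""
import hashlib
import hmac
import re
from dataclasses import dataclass

# Hypothetical per-deployment secret for the keyed hash. In a real deployment
# this would come from an HSM or key-management service, never from source.
TOKEN_KEY = b"replace-me-with-a-key-from-your-kms"


@dataclass(frozen=True)
class StoredCard:
    masked_pan: str  # first six and last four digits only
    pan_token: str   # HMAC-SHA256 of the full PAN, usable for lookups
    expiry: str      # expiry date may be stored
    last4: str
    # Note: there is deliberately no field for the CVV.


def luhn_valid(pan: str) -> bool:
    """Reject mistyped PANs before doing anything else with them."""
    digits = [int(c) for c in pan]
    if not 13 <= len(digits) <= 19:
        return False
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep at most the first six and last four digits; star out the rest."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def pan_token(pan: str, key: bytes = TOKEN_KEY) -> str:
    """Keyed hash of the full PAN. Unlike a plain SHA-256, someone who dumps
    the database cannot simply hash every possible 16-digit number and
    recover the PANs without also obtaining the key."""
    return hmac.new(key, pan.encode("ascii"), hashlib.sha256).hexdigest()


def prepare_for_storage(raw: dict) -> StoredCard:
    """Take a raw keyed-entry record and return only what may be stored.
    The CVV is dropped: PCI DSS forbids storing it after authorization,
    even in encrypted form."""
    pan = re.sub(r"\D", "", raw["pan"])   # strip spaces and dashes
    if not luhn_valid(pan):
        raise ValueError("PAN failed Luhn check")
    return StoredCard(
        masked_pan=mask_pan(pan),
        pan_token=pan_token(pan),
        expiry=raw["expiry"],
        last4=pan[-4:],
    )


def find_sensitive_data(text: str) -> list[str]:
    """Scan a log line or file for unmasked PANs (13-19 digits, optional
    spaces or dashes, passing Luhn). Returns the normalized digit strings."""
    candidates = re.findall(r"\b(?:\d[ -]?){13,19}\b", text)
    found = []
    for c in candidates:
        digits = re.sub(r"\D", "", c)
        if luhn_valid(digits):
            found.append(digits)
    return found


if __name__ == "__main__":
    # Constructed sample: the classic Visa test number, not a real card.
    raw = {"pan": "4111 1111 1111 1111", "expiry": "12/29", "cvv": "123"}
    print(prepare_for_storage(raw))
    # A constructed POS log line that leaks a full PAN; the scan should flag it.
    print(find_sensitive_data("POS01 sale approved card=4111111111111111 amt=42.00"))
```

The scanning function is the kind of check you would run over terminal and application logs during a PCI review: a full card number in a log file is stored cardholder data whether or not anyone meant to store it.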
You can learn more about PCI DSS from the PCI DSS Quick Reference Guide published by the PCI Security Standards Council. The Council also offers webinars on a variety of topics, including reducing the risk of a data breach, the Data Security Standard itself, and more. If you have questions about how our accesso solutions support PCI compliance, please contact us here.
Amanda Swiontek — Technical Writer, accesso Siriusware
Amanda is an Arizona native who currently resides in Orlando, Florida. With over 20 years’ experience in technical communication, Amanda was thrilled to join the accesso team in 2016. When she is not chasing around her two dogs, Amanda is the lead vocalist in a rock band, grad student at Arizona State University, Arizona Cardinals fan and maker of a very secret family recipe of spicy, slow-roasted homemade salsa.