Why PCI Compliance Is Important

March 31, 2011

PCI Compliance has (to me) seemed like a pretty big boogeyman over the years: a way for credit card processors to charge higher rates to businesses that aren't following very specific and esoteric rules for data encryption. Data security is vital in business, especially when it's customer data like credit card numbers and addresses. But a lot of the rules always felt like overkill.
After hearing about a restaurant chain in Boston being fined $110,000 for a data breach, I can see why PCI Compliance is going to be more and more important. The business in question had malicious software installed on one of its PCs without its knowledge, giving a third party access to credit and debit card data. The software went undetected for eight months, including the holiday season, so a lot of customer data could have been lifted.
Massachusetts has one of the strictest data breach laws in the country (as well as one of the hardest names to spell), but that doesn't change the fact that this business could have taken modest steps to prevent the problem. Antivirus/antimalware software could probably have caught the infection quickly, but an even better step would be to block web access from payment terminals altogether: if the terminals can't reach malicious sites, they can't download malicious code, and if they can't reach anything but the processor, the malware has no easy way to send the card data out either. And if the software arrives from someone plugging in portable media, you have a bigger problem at your business than PCI Compliance.
However, if your merchant account provider can swing it, a really easy way to secure customer credit and debit data is to get an encrypting card reader, like MagTek's Centurion. The processor loads a key into the reader, the reader encrypts the card data in hardware as the card is swiped, and only the processor upstream can decrypt it; the computer in between only ever handles ciphertext. So now even if your computer is festooned with malware, viruses, trojans, and every other piece of horrific software, all they can get is gibberish. Hard to commit fraud with gibberish. The one caveat is that this protects swiped data only: card numbers keyed in by hand, or stored anywhere else on that machine, are still exposed.
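To make the reader-to-processor flow concrete, here is an added example of point-to-point encryption at the card reader. It is illustration code written for this page, not MagTek's firmware or any processor's code: real readers use DUKPT (ANSI X9.24) with TDES or AES inside tamper-resistant hardware, while this stand-in derives a per-transaction key with HMAC-SHA256 and protects the track data with an HMAC-based stream cipher plus an authentication tag so it runs on the Python standard library alone. The base key, reader serial and track data are all constructed, and the `pos_memory_leaks_pan` function plays the part of a memory scraper on the infected PC.

```python
"""Point-to-point encryption at the card reader (added example, not vendor code).

Real encrypting readers use DUKPT (ANSI X9.24) with TDES/AES in tamper-resistant
hardware. This stand-in uses HMAC-SHA256 for key derivation and as a counter-mode
PRF (a toy cipher), plus an encrypt-then-MAC tag, so it needs only the stdlib.
"""
import hashlib
import hmac
import os
import struct

TAG_LEN = 16  # bytes of HMAC-SHA256 kept as the authentication tag


def derive_txn_key(base_key: bytes, serial: str, counter: int) -> bytes:
    """Per-transaction key from the key the processor loaded into the reader,
    the reader's serial, and a counter the reader bumps on every swipe
    (a simplified version of what DUKPT does)."""
    return hmac.new(base_key, serial.encode() + struct.pack(">I", counter), hashlib.sha256).digest()


def _subkeys(txn_key: bytes) -> tuple:
    """Split the transaction key into separate encryption and MAC keys."""
    enc = hmac.new(txn_key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(txn_key, b"mac", hashlib.sha256).digest()
    return enc, mac


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 used as a PRF in counter mode (stands in for AES-CTR)."""
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">I", block), hashlib.sha256).digest()
        block += 1
    return out[:length]


def _header(serial: str, counter: int, nonce: bytes) -> bytes:
    return serial.encode() + struct.pack(">I", counter) + nonce


def reader_encrypt(base_key: bytes, serial: str, counter: int, track: str) -> dict:
    """Runs inside the reader, the only place plaintext track data exists.
    Returns the blob the reader hands to the POS computer."""
    enc_key, mac_key = _subkeys(derive_txn_key(base_key, serial, counter))
    nonce = os.urandom(12)
    plaintext = track.encode()
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, _header(serial, counter, nonce) + ciphertext, hashlib.sha256).digest()[:TAG_LEN]
    return {"serial": serial, "counter": counter, "nonce": nonce, "ciphertext": ciphertext, "tag": tag}


def pos_memory_leaks_pan(blob: dict, pan: str) -> bool:
    """Everything a memory scraper on the POS could see is the blob itself;
    report whether the card number appears anywhere in it."""
    visible = _header(blob["serial"], blob["counter"], blob["nonce"]) + blob["ciphertext"] + blob["tag"]
    return pan.encode() in visible


def processor_decrypt(base_key: bytes, blob: dict, last_counter: int) -> str:
    """Runs at the processor: reject replays and forgeries, then decrypt."""
    if blob["counter"] <= last_counter:
        raise ValueError("replayed or out-of-order transaction counter")
    enc_key, mac_key = _subkeys(derive_txn_key(base_key, blob["serial"], blob["counter"]))
    authed = _header(blob["serial"], blob["counter"], blob["nonce"]) + blob["ciphertext"]
    expected = hmac.new(mac_key, authed, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(expected, blob["tag"]):
        raise ValueError("authentication failed: wrong key or tampered ciphertext")
    stream = _keystream(enc_key, blob["nonce"], len(blob["ciphertext"]))
    return bytes(c ^ k for c, k in zip(blob["ciphertext"], stream)).decode()


# Constructed sample data. 4111111111111111 is a well-known test PAN, not a real card.
BASE_KEY = hashlib.sha256(b"constructed base key loaded by the processor").digest()
SERIAL = "READER-0001"
TRACK2 = ";4111111111111111=25121010000000000?"

if __name__ == "__main__":
    blob = reader_encrypt(BASE_KEY, SERIAL, 1, TRACK2)
    print("PAN visible to malware on the POS:", pos_memory_leaks_pan(blob, "4111111111111111"))
    print("Processor recovers:", processor_decrypt(BASE_KEY, blob, 0))
```

The properties worth noticing are the ones the paragraph above claims: the POS only ever holds the blob, so a scraper on it finds no card number; the processor, holding the same base key, recovers the track; and a replayed counter, a flipped ciphertext byte, or a different key is rejected before any plaintext is produced. Whether such a reader actually reduces your PCI scope depends on the processor offering it as a validated point-to-point encryption solution, which is a question for the merchant account provider, not for the code.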


One Response to “Why PCI Compliance Is Important”


  1. […] means they’re connected to the internet for idle people to surf the web, catch malware, and generally cause problems. Grabbing an encrypted card reader for your business or even switching to a separate payment […]

