There is an ugly truth for any business that processes credit cards through its POS software. Businesses that fall under this model must understand that software alone, even if it meets the PCI requirements as dictated by PA-DSS (Payment Application Data Security Standard), is not enough to make you PCI compliant. Having secure software is important but insufficient when it comes to PCI compliance.

The question this raises in the mind of the typical merchant is, "Why did I bother to upgrade my software if it is not enough for PCI compliance?" Well, the good news is that the money did not go to waste. A business running non-compliant software that processes credit cards has almost no chance of ever becoming PCI compliant. On the other hand, a business that is running validated software has taken an important first step on the path to securing its location, and if that same business shows the proper diligence, there is no reason that full PCI compliance cannot be achieved.

PCI has 12 main requirements (each of which has numerous sub-requirements), and POS software falls primarily under requirement 6 - Develop and Maintain Secure Systems and Applications. The other 11 requirements hardly mention software. The following items are just some specific examples of what else PCI demands:

1. Deploy and maintain a firewall between the credit card environment and public networks (such as the Internet).

2. If you use wireless, do so in a secure fashion.

3. Manage the access your employees have to sensitive data.

4. Test your systems quarterly for vulnerabilities both externally and internally.

5. Train your employees upon hire and once a year thereafter about how to handle credit cards safely.

There are almost 300 total requirements in the PCI standard, so obviously the previous list is not exhaustive. Software is clearly an important element when you are planning to secure your business, but do not fool yourself into thinking that it will solve all your problems. PCI has many parts, and while upgrading to a PA-DSS validated software package helps, you still have other needs when it comes to PCI.

PCI Compliance & Network Security

Brad Cyprus
Bradley K. Cyprus has more than 20 years of experience in the security industry. He manages the development of in-house solutions to validate compliance, and he is a resource that Vendor Safe customers can rely upon to help interpret the PCI standard.