Congratulations! You took the time to become PCI (Payment Card Industry Data Security Standard) compliant by accurately filling out your Self-Assessment Questionnaire (SAQ) and passing all the requirements; remediating your location until your internal and external vulnerability scans passed; and training your employees. Your location is secure now, right? Well, in all honesty, the answer is a resounding maybe.

You must understand that PCI is a good compliance standard, but it is no guarantee that you are actually secure. The PCI standard came about so that merchants who took credit cards would understand and comply with the minimum level of security that the credit card companies demanded to protect their credit cards. While PCI can be daunting, especially if you try to do everything on your own without professional guidance, it is only the minimum precaution you should take when trying to keep your environment safe.

To complicate matters even more, computer hackers do not stand still. They are constantly inventing new ways to break into systems, and protections that were adequate yesterday will no longer keep them out once they develop these new techniques. If you really want to stay secure in the long run, you must have an ongoing process to identify new risks to your stores and react to them.

You are probably thinking to yourself, “But I’m not a security expert. How could I possibly find these risks?” You are right, and this can be a challenge. For small merchants in particular without formal training in risk assessment, the task is daunting, so taking a step back might help.

For most brick-and-mortar locations there are usually 3 primary risks (if your particular location has more complicated data storage, or if sensitive data is moved off-site, then you will have more than these 3). In no particular order, you should be concerned about external hackers and threats; internal issues and malicious employees; and physical theft. For each of these, you must identify your risk; determine what would be affected if you were compromised; protect your assets; and figure out how to mitigate the risk.

The PCI Security Standards Council has released a document to help you understand this process, but it was really designed for large environments with a qualified IT staff. Like many things in PCI, it is sometimes a best practice to admit that you need help and to ask a professional for guidance. It is better to get the help before you are affected than to be surprised later.

PCI Compliance & Network Security

Brad Cyprus
Bradley K. Cyprus has more than 20 years experience in the security industry. He manages the development of in-house solutions to validate compliance, and he is a resource that Vendor Safe customers can rely upon to help interpret the PCI standard.