PCI Compliance

Compliance with the PCI Data Security Standard (PCI DSS) is not optional for a business of any size that accepts payment cards. At Systems Services, we are committed to helping our customers become educated and compliant. PCI compliance starts with proper networking equipment: your network must be segmented, or kept completely separate, for every device that processes credit cards.

Below we have compiled high level information and resources to learn more about compliance and the risks of non-compliance.

Systems Services, Inc. is a PCI Security Council Qualified Integrator or Reseller - QIR Certificate #: 600-190 

PCI Requirements
Control objectives and the PCI DSS requirements under each:

Build and maintain a secure network
  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters

Protect cardholder data
  3. Protect stored cardholder data
  4. Encrypt transmission of cardholder data across open, public networks

Maintain a vulnerability management program
  5. Use and regularly update anti-virus software on all systems commonly affected by malware
  6. Develop and maintain secure systems and applications

Implement strong access control measures
  7. Restrict access to cardholder data by business need-to-know
  8. Assign a unique ID to each person with computer access
  9. Restrict physical access to cardholder data

Regularly monitor and test networks
  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes

Maintain an information security policy
  12. Maintain a policy that addresses information security


Network Map Example


Higher-end network equipment can segment your network into multiple zones (card processing, office and guest, for example) and provides the firewall that PCI DSS Requirement 1 calls for to control which traffic may pass between those zones.

A PCI-compliant network includes, among other things, a completely separate environment for card-processing equipment, isolated from everything that does not process cards. In practice this means your POS system must not be reachable in any way from other office computers, and certainly not from the network your customers or guests use.
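To make that zone model concrete, here is an added Python example (not Systems Services, Inc. code and not a product configuration) that models POS, office, guest and Internet zones as a deny-by-default policy, decides individual flows, audits that no zone outside the card-processing environment can initiate connections into it, and renders the policy as nftables rules. The subnets, zone names and the "POS may only reach the Internet on TCP 443" rule are assumptions chosen for illustration.

```python
"""Zone-based segmentation model for a small cardholder data environment (CDE).

Added example; not Systems Services, Inc. code or a product configuration.
Subnets, zone names and the payment-processor rule are assumptions.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed zone layout (assumed for the example). INTERNET is the catch-all.
ZONES = {
    "POS": ipaddress.ip_network("10.10.1.0/24"),        # card-processing devices: the CDE
    "OFFICE": ipaddress.ip_network("10.10.2.0/24"),     # back-office PCs
    "GUEST": ipaddress.ip_network("192.168.50.0/24"),   # customer / guest Wi-Fi
    "INTERNET": ipaddress.ip_network("0.0.0.0/0"),
}


@dataclass(frozen=True)
class Rule:
    src: str              # source zone
    dst: str              # destination zone
    dport: Optional[int]  # TCP destination port, None = any
    action: str           # "accept" or "drop"


# Deny-by-default: only flows listed here are accepted (PCI DSS Req. 1 firewall).
POLICY: List[Rule] = [
    Rule("POS", "INTERNET", 443, "accept"),    # POS to payment processor, TLS only (Req. 4)
    Rule("OFFICE", "INTERNET", None, "accept"),
    Rule("GUEST", "INTERNET", None, "accept"),
]


def zone_of(ip: str) -> str:
    """Map an address to its zone, most specific prefix first."""
    addr = ipaddress.ip_address(ip)
    for name, net in sorted(ZONES.items(), key=lambda kv: -kv[1].prefixlen):
        if addr in net:
            return name
    return "INTERNET"


def evaluate(src_ip: str, dst_ip: str, dport: int) -> str:
    """Decide whether a new connection src_ip -> dst_ip:dport is accepted or dropped."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src == dst:
        return "accept"  # intra-zone traffic is switched, not firewalled
    for rule in POLICY:
        if rule.src == src and rule.dst == dst and rule.dport in (None, dport):
            return rule.action
    return "drop"  # default deny


def audit_cde_isolation(policy: List[Rule]) -> List[str]:
    """Return every rule that lets a non-CDE zone initiate traffic into POS."""
    return [f"{r.src}->POS:{r.dport or 'any'}"
            for r in policy if r.dst == "POS" and r.src != "POS" and r.action == "accept"]


def _addr_match(zone: str, field: str) -> str:
    """nft address match; 'INTERNET' means anything that is not an internal subnet."""
    if zone == "INTERNET":
        internal = ", ".join(str(n) for z, n in ZONES.items() if z != "INTERNET")
        return f"ip {field} != {{ {internal} }}"
    return f"ip {field} {ZONES[zone]}"


def to_nftables(policy: List[Rule]) -> str:
    """Render the policy as an nftables forward chain (address-based; assumed layout)."""
    pos = ZONES["POS"]
    lines = [
        "table inet pci {",
        "  chain forward {",
        "    type filter hook forward priority 0; policy drop;",
        "    ct state established,related accept",
        # Explicit guard ahead of all accepts: a later mistaken accept can never
        # expose the CDE to OFFICE or GUEST.
        f"    ip saddr != {pos} ip daddr {pos} drop",
    ]
    for r in policy:
        if r.action != "accept":
            continue
        port = f" tcp dport {r.dport}" if r.dport is not None else ""
        lines.append(f"    {_addr_match(r.src, 'saddr')} {_addr_match(r.dst, 'daddr')}{port} accept")
    lines += ["  }", "}"]
    return "\n".join(lines)


if __name__ == "__main__":
    print(evaluate("10.10.2.15", "10.10.1.5", 22))        # office -> POS
    print(evaluate("10.10.1.5", "203.0.113.10", 443))     # POS -> payment processor
    print(audit_cde_isolation(POLICY))
    print(to_nftables(POLICY))
```

The rendering step deliberately does not translate the INTERNET zone as 0.0.0.0/0: an accept written that way would also match POS addresses and quietly give OFFICE and GUEST a path into the card-processing network, which is exactly the exposure the segmentation is meant to prevent. Run audit_cde_isolation over any proposed rule change before it is deployed.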


Risks of Non-Compliance

The average cost to a small restaurant that suffers a data breach is over $100,000.

60% of merchants who are breached never re-open their doors.

  • Compromised data negatively affects consumers, merchants, and financial institutions
  • Just one incident can severely damage your reputation and your ability to conduct business effectively, far into the future
  • Account data breaches can lead to catastrophic loss of sales, relationships and standing in your community, and depressed share price if yours is a public company
  • Possible negative consequences also include:
    • Lawsuits
    • Insurance claims
    • Cancelled accounts
    • Payment card issuer fines
    • Government fines

More Resources

There are many resources for learning more about PCI compliance. Here are a few of the most useful: