Compliance with the PCI Data Security Standards (PCI-DSS) is not optional for businesses of any size. At Systems Services, we are committed to helping our customers become educated and compliant. PCI compliance starts with proper networking equipment. It is critical that your network be segmented, or even completely separate, for all devices that need to process credit cards.
Below we have compiled high-level information and resources to learn more about compliance and the risks of non-compliance.
Systems Services, Inc. is a PCI Security Council Qualified Integrator or Reseller - QIR Certificate #: 600-190
| Control objectives | PCI DSS requirements |
|---|---|
| Build and maintain a secure network | 1. Install and maintain a firewall configuration to protect cardholder data |
| | 2. Do not use vendor-supplied defaults for system passwords and other security parameters |
| Protect cardholder data | 3. Protect stored cardholder data |
| | 4. Encrypt transmission of cardholder data across open, public networks |
| Maintain a vulnerability management program | 5. Use and regularly update anti-virus software on all systems commonly affected by malware |
| | 6. Develop and maintain secure systems and applications |
| Implement strong access control measures | 7. Restrict access to cardholder data by business need-to-know |
| | 8. Assign a unique ID to each person with computer access |
| | 9. Restrict physical access to cardholder data |
| Regularly monitor and test networks | 10. Track and monitor all access to network resources and cardholder data |
| | 11. Regularly test security systems and processes |
| Maintain an information security policy | 12. Maintain a policy that addresses information security |
Higher-end network equipment can segment your network into multiple zones and includes the required firewall to stop network intrusion.
A PCI-compliant network includes, but is not limited to, completely separate environments for card processing equipment and non-card-processing equipment. This means that your POS system must not be visible in any manner to other office computers or, of course, to your customers or guests.
The average expense to a small restaurant that has a data breach is over $100,000.00!
60% of merchants who are breached never re-open their doors.
- Compromised data negatively affects consumers, merchants, and financial institutions
- Just one incident can severely damage your reputation and your ability to conduct business effectively, far into the future
- Account data breaches can lead to catastrophic loss of sales, relationships and standing in your community, and depressed share price if yours is a public company
- Possible negative consequences also include:
  - Insurance claims
  - Cancelled accounts
  - Payment card issuer fines
  - Government fines