All businesses need to be PCI DSS compliant if they are accepting payments.
The payment industry is evolving rapidly. As companies such as Swyftx will confirm, more people are paying with cryptocurrencies such as Bitcoin these days.
No matter what payments you accept, you need to make a dedicated effort to protect your customers. Here are some questions to ask to make sure you are doing that.
Q1 – Do you offer free Wi-Fi for your customers?
a) YES
b) NO
Q2 – Do you segregate payment traffic from all other traffic on the network?
a) YES
b) NO
Q3 – Do you use default passwords that have been supplied from your vendor?
a) YES
b) NO
Q4 – Do you use additional means of protection, such as encryption or cryptography? Or, are passwords your only form of security?
a) YES – Additional methods used.
b) NO – No, we only use passwords.
If you have answered yes to Q1 and no to Q2, you are putting your sensitive data at serious risk of falling into the wrong hands. PCI DSS requires a Cardholder Data Environment (CDE) to be created, which restricts access to sensitive payment information. Experts can help you to rectify this problem.
If you have answered no to Q1, your risk is lower because you do not offer free Wi-Fi. However, if you do offer it in the future, make sure you go about it in a secure way.
If you have answered yes to Q3, you are failing to comply with PCI DSS standards, as default passwords are not strong enough to protect your systems. You must ensure you use strong passwords and additional methods of protection.
If you have answered yes to Q3 and no to Q4, you are putting your sensitive data at extreme risk, as your systems aren’t secured effectively. Access will be easy for hackers because your passwords aren’t strong and they are your only form of protection.
If you have answered no to Q4, you need to add a layer of protection to your systems in the form of cryptography, encryption, or any other effective method.
If you have answered yes to Q1, no to Q2, yes to Q3, and no to Q4:
You are putting your sensitive data at serious risk of falling into the wrong hands. PCI DSS requires a Cardholder Data Environment (CDE) to be created, which restricts access to sensitive payment information. Again, experts can help you to rectify this problem.
You are also at extreme risk, as your business systems aren’t secured effectively. Access will be easy for hackers because your passwords aren’t strong and they are your only form of protection.
If you have answered yes to all questions, congratulations, you’re currently complying with the PCI DSS. Please make sure you continue to update your practices and maintain the methods you’ve set in place.
If you are struggling to determine whether or not your business is compliant and what you need to do to achieve this, seek expert assistance. Do not risk it.