According to Verizon's 2015 PCI Compliance Report, almost 80 percent of businesses fail an interim PCI compliance assessment. And a study of data breaches from the same report indicated that not a single company was fully PCI DSS-compliant at the time of the breach.
Those are two compelling reasons to ensure your own business maintains PCI compliance at the point of sale. But when you look at PCI compliance guidelines, it can be hard to know what to focus on and where to start. Here are three strategies that will keep your POS solutions PCI-compliant.
1. Never store cardholder data
When selecting hardware and software for your POS solution, choose card readers and applications that don't retain sensitive customer data. You'll also want to ensure your payment processor isn't causing your system to store this information.
What's the big deal about saving or storing cardholder information? It makes a big difference when navigating the waters of PCI compliance.
When you know your point-of-sale system doesn't store sensitive card data, and you also avoid keeping card numbers in written form, PCI compliance becomes that much simpler. That's because you won't need to worry about protecting or encrypting those data within your POS solutions.
2. Maintain a secure network
Effective network security for your POS solution includes setting up firewalls, password-protecting and encrypting your wireless router, and locking down hardware and software with strong passwords. And the stronger each piece is, the higher the security of the entire system.
Firewalls help segment your business data and limit access to sensitive customer information. Plan to perform regular checks to ensure the firewall is working and is updated to the most recent version.
Always change default passwords and ensure they include a mix of numbers, symbols, and upper- and lowercase letters. A quick and easy way to create secure passwords is by using an online password generator.
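As an added example that is not from the article, here is a small local alternative to an online generator: it checks a candidate password against the mix of character classes described above and against a list of common default passwords, and generates passwords that satisfy the same policy from the operating system's cryptographic random source. The default-password list is a constructed stand-in for the defaults your own hardware and software vendors document, and the minimum length is an assumption of this example.

```python
import secrets
import string

# Constructed stand-in for the default credentials your vendors publish;
# replace with the actual defaults for your POS hardware and software.
KNOWN_DEFAULTS = {"admin", "password", "1234", "123456", "pos", "manager"}

# The four character classes the policy requires.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": "!@#$%^&*()-_=+[]{};:,.?",
}
ALL_CHARS = "".join(CLASSES.values())


def check_password(pw: str, min_length: int = 12) -> list:
    """Return a list of policy failures; an empty list means the password passes."""
    failures = []
    if pw.lower() in KNOWN_DEFAULTS:
        failures.append("matches a known default password")
    if len(pw) < min_length:
        failures.append(f"shorter than {min_length} characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in pw):
            failures.append(f"no {name} character")
    return failures


def generate_password(length: int = 16) -> str:
    """Generate a password of the given length that passes check_password.

    secrets.choice draws from the OS CSPRNG; candidates missing a class are
    rejected and redrawn, which happens rarely at these lengths.
    """
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        pw = "".join(secrets.choice(ALL_CHARS) for _ in range(length))
        if not check_password(pw, min_length=length):
            return pw


if __name__ == "__main__":
    for candidate in ("admin", "Correct-Horse-7x"):
        print(candidate, "->", check_password(candidate) or "ok")
    print("generated:", generate_password())
```

Because the generator runs locally, the password never leaves the machine it is created on, and the same check function can be applied to any password an administrator sets by hand on a router, terminal or back-office account.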
As businesses create more and more network access points, a layered, comprehensive, and up-to-date security strategy will protect your network from intrusions.
3. Limit access to sensitive data
One of the main objectives of PCI compliance is strong access-control measures. That means limiting access to POS solutions to just those employees with a legitimate business need.
Begin by assigning a unique ID to each person who has computer access. It's not a foolproof system, but it will help you keep a record of everyone who gets near your customer data.
And take the time to educate your employees about the importance of protecting cardholder data. It's a message you can't repeat too often and positions your workers as a front-line security force in PCI compliance.
Ensuring the security of your POS solutions requires regular effort. But when you create a PCI compliance plan and build the steps into the daily routine, meeting the annual requirement becomes much simpler.
What strategies are working for you in keeping your POS solutions PCI-compliant?