When you think of data breaches, you typically think of huge brands. Target. Experian. This doesn’t happen to small businesses, right? Wrong.
Just because you don’t see it splashed across the headlines doesn’t mean smaller businesses don’t get hacked. And it can cost your business big time.
IBM research estimates that every compromised record (whether health, payment or personal information) costs businesses $158.
It’s not just the financial impact. It affects your customers’ credit. They may lose trust and take their business elsewhere.
The Payment Card Industry Data Security Standard (PCI DSS) sets security standards for every company that stores and processes credit card transactions.
Here’s a PCI DSS compliance guide for Temecula businesses, including the compliance levels, standard requirements and how PCI DSS affects your business in the cloud.
There are three ongoing steps with PCI DSS compliance:
Assess. You need to know where everything is in order to protect it. Identify all cardholder data, inventory your IT assets and analyze them for vulnerabilities.
Repair. Fix the vulnerabilities you’ve identified and implement secure business practices to protect cardholder data going forward.
Report. Document the assessment and repair details. Submit compliance reports to the card brands and banks you do business with.
Businesses and processes change constantly. PCI DSS is a continuous process. Below is a brief overview of how to get started to identify and comply with PCI DSS.
All businesses that handle credit cards need to follow PCI DSS, even if you only handle a few credit card transactions a year.
There are six categories and 12 requirements to prevent credit card fraud.
Build and Maintain a Secure Network
Protect Cardholder Data
Create a Vulnerability Management Program
Implement Strong Access Control Measures
Consistently Monitor and Test Networks
Uphold an Information Security Policy
Every company that uses cardholder data must be PCI DSS compliant. But it’s difficult to constantly assess, repair and report on the security of your environment — especially in the cloud.
The cloud complicates security. PCI DSS is a shared responsibility between cloud services providers and their clients.
PCI DSS compliance in the cloud presents new challenges for Temecula businesses. It’s difficult to identify who is responsible for certain compliance controls. If you’re migrating from on-premises servers, your traditional controls and auditing processes may not work.
When working with a cloud services provider, it’s important to define security requirements and designate responsibilities for operation, management and reporting.
Ask your cloud services provider for evidence that their processes and components are PCI DSS compliant. If you’re working with a managed services provider (MSP), they can help you identify security loopholes and help you secure your environment.
MSPs can help businesses meet and maintain the 12 requirements. They’ll also leverage a third-party Approved Scanning Vendor (ASV) to provide an additional layer of checks and balances to ensure all PCI DSS requirements are met.
At Helixstorm, we can help you not only identify security loopholes but create and implement an IT roadmap to help you get there. Give us a call today to get started.
PCI DSS Cloud Computing Guidelines
PCI Security Standards Council FAQs
Credit Card Company Resources: