Archive for September, 2012

Attention All Businesses Processing, Storing, Or Handling Credit Cards: What You Need To Know About PCI Compliance

September 24, 2012

PCI Compliance is shorthand for Payment Card Industry Data Security Standard (PCI DSS), and it is a set of legal requirements for any business that processes, stores or accepts credit card payments, even if they use a third-party processor. PCI was designed with one goal in mind: to prevent credit card fraud and identity theft. To that end, there are 12 compliance requirements and all must be implemented for a merchant to be certified as compliant.

Who’s Behind It?

The Payment Card Industry Security Standards Council (PCI SSC) was launched on September 7, 2006 to manage the ongoing evolution of the Payment Card Industry (PCI) security standards. The PCI DSS is administered and managed by the PCI SSC (www.pcisecuritystandards.org), an independent body that was created by the major payment card brands (Visa, MasterCard, American Express, Discover, and JCB).

What Are The Requirements To Comply?

Most of the 12 requirements are just common sense. For example, you never want to store your customers’ credit card numbers on unsecured media, like tape backups, and you want to use good, strong passwords for important web portals and system access.

Other parts of the compliance regulations are IT security measures you should have in place anyway, such as up-to-date firewalls, security patch management, encrypting cardholder data transmission, developing an in-house security policy and restricting access to your processing network. If IT security is not your core focus, then you probably want to bring in a team of pros (us!) to determine if you truly are meeting the compliance standards and to manage your network to ensure security stays updated.

How Do You Know If You’re Compliant?

A full list of the requirements, along with a self-assessment, can be found on this website: http://www.pcisecuritystandards.org. But if you want to be certain, give us a call for a FREE Network Assessment so we can look at your computer network and systems to see where your weaknesses lie. Even if the PCI security requirements weren’t mandated by law, these are the kind of guidelines you would want to adopt anyway to ensure the security of your processing system and your customers’ data.

3 Smart Apps You Should Be Using Now

September 17, 2012

Since the launch of Apple’s App Store in 2008, the number of smartphone apps has proliferated to the point where the catch phrase, “There’s an app for that” has been overheard in conversations everywhere as a joke answer to any question or problem.

But the reality is there actually has been a flood of smartphone apps designed to make our lives easier. Here are 3 popular apps people are talking about:

Evernote: The purpose of this app is to help you organize…well, everything! Evernote lets you capture images, notes, documents and more; but what makes this app super-useful is its ability to scan images and documents. If you’re looking for a way to finally organize your crazy-busy life, this may be it! Cost: Free

Notability: Along the same lines as Evernote, Notability is an app to help keep you organized; but what makes this app special is its ability to integrate handwriting, voice recording, PDF annotation, and media into a single app.

You can even enhance your notes by adding pictures from your photo library or from other mobile devices’ cameras. Insert web clips, figures, and drawings to complement your notes. Crop, resize, and draw on images to make them perfect. Cost: $0.99

Robin For Android Phones: A Driver Friendly Siri: In case you’re not familiar, Siri is a very popular application for iPhones that is, essentially, an intelligent personal assistant turned into a cool voice-driven tool. But now Android users have their own “Robin” which is similar to Siri but built for drivers.

You can ask Robin for directions, local places, real-time parking, traffic info, gas prices, weather, your Twitter news, and much more. Best of all, you can keep your eyes on the road and off your phone. Cost: Free

5 Easy Things You Should Do To Protect Your Business

September 10, 2012

Let’s face it; no one likes to think about bad things happening to them, much less planning for them. But since September is National Disaster Preparedness month, we wanted to give you a quick “brush up” on some simple things you can (and should!) be doing to protect your business.

  1. Review Your Business Insurance Carefully. Most businesses carry some type of general liability insurance that would pay them if their building and the things in it were damaged. However, many businesses do not have enough coverage to replace all the computer equipment and devices, desks, art, supplies, and other things they’ve accumulated over the years that are housed in their office. Make sure you review your policy every year and keep in mind new additions and assets you’ve accumulated during that year.
  2. Consider Cloud Computing. One of the biggest advantages of cloud computing is that your data and assets are stored off-site in a highly secure, high-availability data center, with failover and redundancy built in. That means that if your building were destroyed and you had to evacuate, or if your server melted down due to an unexpected hardware failure, everything you’ve worked so hard to create over the years is safe and not a sitting duck in your unsecured closet or server room.
  3. Secure Your Data. Making sure that your data is protected from theft is a never-ending battle you don’t want to lose. Companies that get hacked and expose sensitive client and employee data can face severe penalties, lawsuits, and massive loss of credibility in the marketplace. Make sure you never have to send an e-mail to your customers explaining the bad news that a hacker accessed their info through you. Further, if you keep any sensitive information (even passwords to portals containing sensitive information) on portable laptops, phones, and other devices, make sure you have a way of controlling and safeguarding that information.
  4. Write A Simple Disaster Recovery Plan. The key word here is “simple.” If your plan gets too complicated or difficult, you won’t do it. But at a minimum, think of the disaster that is most likely to happen that would have a severe and negative impact on your company’s survival.
  5. Review Your Employees’ Internet Policy. With so many people “addicted” to Facebook and Twitter, it’s important that your employees know where the line is in what they can and can’t post online. We also recommend content filtering software to block content and websites you don’t want employees visiting during work hours.