Let’s say a customer swipes a card at a retail store. A month later they come back complaining that, after that swipe, their card was charged a few thousand dollars elsewhere. Imagine the negative publicity on social networks and across the internet, not to mention possible lawsuit compensation. This is a serious headache, and a real risk, for any business that accepts cards, because the avenues for card data theft are many:
- Card swipe devices (including tampered or skimming readers)
- Online transactions
- Servers or point-of-sale PCs being compromised
- Wi-Fi/LAN snooping
- Plain old printouts
- Any third party or franchise that handles card data on your behalf
Fortunately, there are ways to avoid such damage, and the Payment Card Industry Data Security Standard (PCI DSS) will help you mitigate these risks. The standard specifies how payment card data and card transactions must be handled securely. It originated from aligning the card brands’ individual security programs (Visa’s Cardholder Information Security Program and MasterCard’s Site Data Protection program among them) and is now maintained by the PCI Security Standards Council.
There are three steps to complying with the standard. Note that these steps are not of the implement-once-and-forget kind; they form a continuous cycle of assessment and improvement:
1. Assess: Identify every process that touches card data and find any weaknesses that could put customers’ card data at risk. The scope includes but is not limited to:
a. Card data in your possession, whether on paper or in electronic form.
b. IT and electronic assets (servers, point-of-sale terminals, network equipment, backups).
c. Business processes involved in a card transaction.
2. Remediate: Fix every weakness the assessment found. In addition, make sure cardholder data is not stored at all unless absolutely needed, and that sensitive authentication data (full magnetic-stripe or chip track contents, card verification codes, PINs) is never stored after authorization.
3. Report: Document the findings and the steps taken to remediate them. This Report on Compliance (or, for merchants eligible to self-assess, the completed Self-Assessment Questionnaire) is then submitted to the card brands and your acquiring bank.
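As an added example (it is not part of the original article and not Lifeline Data Centers’ own tooling), here is what the “card data in your possession” part of Assess and the “don’t store it unless needed” part of Remediate look like in practice: a small Python cardholder-data discovery scan. It finds candidate card numbers in text with a regular expression, confirms them with the Luhn check that all major card brands apply, and masks them to the first six and last four digits before reporting or rewriting the record. The regex and the log lines are constructed for this example; the card numbers are the publicly known brand test numbers, not real accounts.

```python
import re

# Candidate PAN: 13 to 19 digits, optionally separated by single spaces or
# hyphens, not embedded in a longer digit run. Hypothetical pattern written
# for this example; tune the separators to what your own systems emit.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Constructed sample log lines for the example; they are not real records.
# The PANs are the well-known brand test numbers, which are Luhn-valid.
SAMPLE_LINES = [
    "2024-03-01 10:12:03 POS-07 sale approved card=4111 1111 1111 1111 amount=42.10",
    "2024-03-01 10:13:44 POS-07 sale approved card=411111******1111 amount=19.99",
    "2024-03-01 10:14:10 web order=5555555555554444 ship=IN",
    "2024-03-01 10:15:00 support ticket 4111111111111112 opened",
    "2024-03-01 10:15:30 POS-02 sale approved card=3782 822463 10005 amount=7.50",
]


def luhn_valid(digits):
    """Luhn mod-10 check that every major card brand applies to its PANs.
    It rejects roughly nine in ten random digit runs, not all of them."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text):
    """Return the Luhn-valid PANs (digits only) found in one piece of text."""
    pans = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            pans.append(digits)
    return pans


def mask_pan(pan):
    """Show only the first six and last four digits, the most that PCI DSS
    v3.x Requirement 3.3 permits to be displayed."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_for_pans(lines):
    """Assess step: report (line number, masked PAN) for every PAN found.
    Findings are masked before they leave this function so the scan report
    itself does not become another place where cardholder data is stored."""
    hits = []
    for n, line in enumerate(lines, start=1):
        for pan in find_pans(line):
            hits.append((n, mask_pan(pan)))
    return hits


def redact_line(line):
    """Remediate step: rewrite a line with every PAN masked in place, for
    records that must be kept but do not need the full card number."""
    def _mask(m):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            return mask_pan(digits)
        return m.group(0)       # not a card number: leave it untouched
    return PAN_CANDIDATE.sub(_mask, line)


if __name__ == "__main__":
    for line_no, masked in scan_for_pans(SAMPLE_LINES):
        print(f"line {line_no}: {masked}")
    for line in SAMPLE_LINES:
        print(redact_line(line))
```

Run against the sample, the scan reports lines 1, 3 and 5 only: line 2 is already masked and line 4 holds a sixteen-digit number that fails the Luhn check. Two caveats a practitioner should keep in mind: the Luhn filter lets about one in ten random numeric runs through, so findings still need a human look before anyone declares a system in or out of scope; and a real discovery effort covers databases, backups, spreadsheets and file shares, not just log files.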
For data centers specifically, PCI DSS Requirement 9 (restrict physical access to cardholder data) is the relevant one, in particular sub-requirements 9.1 to 9.4 and the matching questions in the Self-Assessment Questionnaire (SAQ). These require physical access controls and video surveillance of the cardholder data environment, procedures to distinguish visitors from on-site personnel, and visitor procedures such as authorizing visitor access and maintaining a visitor log.
Complying with these standards can be quite a task, especially as technology, payment methods and regulations keep changing. For your data center needs, visit https://lifelinedatacenters.com/ to consult with experts in PCI DSS compliant data centers.