Merchants need to learn from the security mistakes of other companies when securing their sensitive data. Many companies become lenient with their security protocols over time. Unfortunately, many merchants won’t maintain their security until they or another company suffers a major breach.
Well, here are some security wake up calls to alert every merchant…
Email-services firm Epsilon reports data breach
Vodafone’s Breach A Painful Lesson In Shared Passwords
Security breach emphasizes need for PCI security
Payment processor Heartland reports breach
These articles report breaches that were preventable through secure practices. Lucky for you, the merchant, there are many steps you can take today to prevent yourself from getting breached. All of the following practices are required for compliance with current PCI PA-DSS standards.
Important Practices for PCI Compliance
Protect Cardholder Data: Switch to a Tokenization System
Most security breaches occur at the merchant level where data is stored. SMPLink™ works exclusively with TransactionVault® to remove the risk of exposure by taking the data off the merchant system and storing it in its own secure location and then returning a token of representation. This token is useless to hackers attempting to steal or compromise credit card data.
Build and Maintain a Secure System
Do NOT use vendor-supplied defaults for system passwords or other security parameters. Use and regularly update antivirus software. All other programs and applications connected to the computer or network should be verified for security before installation.
Regularly Monitor and Test Networks
Track and monitor all access to network resources. Regularly test security systems and processes. Keep all network security up-to-date.
Change Passwords Regularly
Require your employees to change their passwords regularly. Be sure to enforce the use of strong passwords.
Limit Administrator Account Access
The computer administrator account should be limited to only those whose job absolutely requires access to it. All other persons requiring computer access should be assigned a unique log in ID.
Educate Your Staff
Teach your employees about secure practices and protecting cardholder data.
If you follow the above steps, you are on your way to preventing breaches and being compliant.
More information on PCI Security can be found here
Bunt Software is the maker of SMPLink™; a PA-DSS validated credit card interface software developed specifically for Panasonic System Manager Pro (SMP) users that integrates seamlessly with Merchant Link’s TransactionVault® – a system that stores sensitive cardholder data in a secure vault – not on your back office computer.
There is ONLY one PA-DSS compliant credit interface for the Panasonic System Manager Pro (SMP) point-of-sale system: SMPLink™
SMPLink™ has now successfully processed over 3.2 million transactions!
Find SMPLink™ on the PCI Council List of Validated Payment Applications.