If you are a business owner, you might have received those ‘nagging’ phone calls insisting that you make sure your database systems are PCI compliant and warning that you could receive fines if you do not enforce PCI DSS. Many people believe this is a scam that lets the authorities make more money from small businesses trying to process payments, but in this article I want to point out why I think PCI is a great service for society.
PCI guidelines are very helpful for people who run their own small stores, who might not have the time to check all of their systems manually, and who therefore want to cover the general aspects of keeping customer credit card details secure. Fraud is a very serious matter for the general public as well as for merchants. Although new technologies such as Chip and PIN make it harder for criminals to clone cards, it is up to the business manager to train staff to recognize social engineering tricks and skimming devices, which might also be used to obtain sensitive card data.
You might think that checking individual routers and computer systems at your offices is a very time-consuming process, and you might not know how to contact the relevant governing bodies to register as compliant. Many third-party providers who set up payment processing can now take care of PCI checks on your behalf. They also offer useful online resources in the form of PDFs and checklists (one source is http://www.seymourdirect.com/pci).
Don’t forget that it is not only face-to-face card transactions that are vulnerable to fraud and require PCI compliance. If you manage an online business, you also need security features, and these can be taken care of by a PCI compliant vendor. Payment gateways and internet merchant accounts offered by the likes of Sagepay and Trustwave have secure checkouts for online shoppers. This often requires a password to be entered on the additional ‘Verified by Visa’ webpage just before you receive your receipt.