With the Notifiable Data Breaches (NDB) scheme now in place in Australia, it is more important than ever to ensure your business is collecting and storing credit card information in a secure manner.
The topic of PCI Compliance is huge, and there are entire web sites that provide all the details. If you want to get fully educated on this topic, we recommend that you go to the source: The PCI Security Standards Council web site.
How to be Compliant
PCI Security Standards are technical and operational requirements set by the PCI Security Standards Council (PCI SSC) to protect cardholder data.
The standards apply to all organizations that store, process or transmit cardholder data – with guidance for software developers and manufacturers of applications and devices used in those transactions.
If your company accepts payment cards, you are required to comply with the PCI Data Security Standard (PCI DSS). Each of the major card brands and acquiring banks has slightly different validation requirements, such as merchant levels and how compliance must be reported, but all are based on the same PCI DSS.
You Need to be Compliant
More than 600 million computer records containing sensitive personal information were exposed in security breaches in the U.S. between 2005 and 2013, and given the large online retailer breaches since then, the current figure is far higher. Criminals are now shifting their sights to small merchants, because many have lax security for cardholder data, and more than 80% of attacks target small merchants. If your business is at fault for a security breach, the fallout can be severe:
- Fines and penalties
- Termination of ability to accept payment cards
- Lost confidence, so customers go to other merchants
- Lost sales
- Cost of reissuing new payment cards
- Legal costs, settlements and judgments
- Fraud losses
- Higher subsequent costs of compliance
- Going out of business
How NetCare can help
The NetCare PCI Assessment service helps your business protect cardholder data. Using a comprehensive software tool, we combine automatic collection of network and computer data with custom-generated worksheets that our professional services team works through with you. Data from the scans and worksheets are then automatically analysed and integrated into a set of PCI assessment reports.
The deliverable to you is a tangible set of documents that will help you understand your risks, if any, and serve as evidence that you have done your due diligence in the event of a surprise audit or post-breach investigation. These reports support, but do not replace, the Self-Assessment Questionnaire (SAQ) or Report on Compliance that your acquiring bank requires you to submit:
- PCI Policies & Procedures Report
- PCI Risk Analysis Report
- PCI Risk Profile Report
- PCI Management Plan
- Evidence of PCI Compliance Report
- PCI Site Interview Guide
- External Port Security Worksheet
- Cardholder Data Environment Worksheet
- Network Device Identification Worksheet
- Server Function Identification Worksheet
- User ID Worksheet
- Antivirus Capability Identification