PCI Compliance is more than Hardware and POS Software

PCI compliance is big news these days. Companies are becoming more aware of the responsibility required to collect and maintain personal information such as…

  • Names
  • Addresses
  • Phone numbers
  • E-mail addresses
  • Credit Card data
  • Demographic information

Most retailers are relieved that they are not in the medical field and do not have to comply with the HIPAA (Health Insurance Portability & Accountability Act) rules. HIPAA made it the responsibility of the business, and of anyone viewing or working with the information (the doctor, nurse, office personnel, lab tech, etc.), to keep that information private. If the information was not kept private and safe, the business could be fined heavily: $100 per violation, which adds up fast, up to $25,000 per year; and if the misuse was determined to be continued and knowing, $50,000 to $250,000 and 1 to 10 years imprisonment.

With more media coverage of ‘lost’ credit card and personal data, and with identity theft on the rise, retailers are now being scrutinized much more closely, just as the medical field is under HIPAA. It is the responsibility of the person or people maintaining the data to keep that data safe.

With your Point of Sale software (POS software), it is easy to just ask ‘is the POS software PCI compliant?’ However, there is a lot more to PCI compliance than data storage; the data must be protected as well. Think of it as being in your car. Just because you are in your car does not mean you are protected. You should put on your seat belt, make sure children are in approved car seats, make sure your brakes are in good working condition, the tires have plenty of tread and air, you have plenty of gas to get where you are going, etc. As you can see, safety is more than just putting the data in a place that ‘should’ be safe.

An article in the April 2008 issue of SC (Security) Magazine quotes Jeff Aliber, senior director of product marketing at Kaspersky Lab (makers of anti-virus, anti-malware, anti-spyware and similar products): ‘technology can only go so far in meeting compliance mandates. Security is 80 percent process and procedure. Vendors can only provide technology to assist in compliance, not do compliance.’

To find out more about PCI compliance and what is required above and beyond ‘is the data stored correctly?’, visit the PCI Compliance Guide website.