Really? Easy? Like anything in life, PCI compliance takes some focus and work, but here are a few tips to make your life a little easier and reduce risk for your organization.
Tip 1: Where and who takes credit cards?
Seems like a simple question on the surface, but I have found departments and agencies may be processing and storing credit cards in places you never dreamed of or realized (thumb drives, backups, file systems, spreadsheets, Word documents, databases, etc.). Inventorying credit card usage and storage across your entire organization is a great first step to PCI compliance.
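One way to start the inventory in Tip 1 is to scan file contents for candidate card numbers and keep only those that pass the Luhn check, so order numbers and phone numbers are not reported. This is an added example, not part of the original post or any G2G product; the file names and contents are constructed sample data.

```python
"""Discover candidate card numbers (PANs) in text so storage locations can be inventoried."""
import re

# Candidate: 13 to 19 digits, optionally separated by single spaces or dashes,
# not embedded in a longer digit run.
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Constructed sample "files" standing in for spreadsheets, notes and exports.
SAMPLE_FILES = {
    "refunds.csv": "date,amount,card\n2023-01-04,25.00,4111 1111 1111 1111\n",
    "notes.txt": "Order 1234567890123 confirmed; call 555-010-0199 with questions.\n",
    "typo.txt": "card on file: 4111111111111112\n",
}


def luhn_valid(digits: str) -> bool:
    """Luhn check digit test (ISO/IEC 7812-1) used by all major card brands."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 9 // 1 and d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask(digits: str) -> str:
    """Show only the first six and last four digits, the most PCI DSS allows to be displayed."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_pans(text: str) -> list[str]:
    """Return masked PANs found in text: candidates that have 13-19 digits and pass Luhn."""
    found = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            found.append(mask(digits))
    return found


def inventory(files: dict[str, str]) -> dict[str, list[str]]:
    """Map file name to the masked PANs it contains; files with none are omitted."""
    return {name: pans for name, text in files.items() if (pans := find_pans(text))}


if __name__ == "__main__":
    for name, pans in inventory(SAMPLE_FILES).items():
        print(f"{name}: {', '.join(pans)}")
```

Only masked values are recorded, so the inventory report itself does not become another place where full card numbers are stored.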
Tip 2: Don’t store credit card data
From the beginning we decided to NEVER store credit card data. Period. It is hard for someone to steal credit cards if you never have them in your possession except for the brief moment when the encrypted card data is being transmitted and processed. If a service you offer requires recurring payments (subscriptions, installments, monthly payments, etc.), your credit card service provider should be able to store the cards for you. Don’t store credit cards. Period.
Tip 3: Isolate your credit card infrastructure from everything else
PCI compliance is much easier when cardholder data (primary account number, cardholder name, expiration date and/or service code) is isolated from everything else. Separate the networks, servers, and PCs that store, process and transmit cardholder data from the rest of your environment. Isolating your credit card infrastructure will make your PCI compliance easier.
Tip 4: Determine which PCI Self-Assessment Questionnaire (SAQ) you need to complete
There are several PCI self-assessment or audited PCI questionnaires, depending on whether you take credit cards online, by telephone, and/or card-present at a counter (transaction volumes and amounts may also determine which questionnaire you need to complete). With the assistance of your credit card service provider you can determine which questionnaire (SAQ) is right for your organization.
Tip 5: Train your People
Your biggest weakness in maintaining security in your organization is people. Train them how to handle and process credit cards properly and never to store them.
Tip 6: Get help if you need it
Getting and staying PCI compliant is a specialty. Don’t put your constituents’ information and your organization at risk. Help is available through the G2G Marketplace (www.g2gmarketplace.com) if you need professional services, scanning services, or have other PCI needs. We are here to help.
Tip 7: G2G Cloud Solutions Can Help
Oakland County provides online payment and over the counter credit card services that can make your PCI compliance much easier and affordable. If you are interested in learning more about G2G Cloud Solutions go to the web (www.g2gcloudsolutions.com) or call 248-858-1424.
Author: Jim Taylor, Chief Technology Officer for Oakland County, Michigan