Hardware and Software
The credit card processing hardware and software that you use to accept payment cards must meet all current payment card industry security standards. This PCI compliance is a major step in your efforts as a business owner to protect your company and your customers from data breach, identity theft and other forms of fraud related to credit cards.
Hardware and software compliance means that all of your credit card processing equipment meets all the requirements set forth by the Payment Card Industry Security Standards Council (PCI SSC) in the PCI Data Security Standards (PCI DSS). In effect, PCI DSS lays out the best practices for all merchants and service providers who accept credit and debit cards as well as other forms of electronic payment. The standards also apply to other entities involved in credit card processing, including issuing banks and merchant services providers like Merchant Express®.
If your credit card payment system is breached because its hardware or software is noncompliant, it could have a serious impact that could affect the way you do business. For example, you may experience less efficient or failed payment transactions, computer crashes, longer downtimes, an inability to obtain replacement parts and a loss of technical support or service. However, there are far more serious consequences as well, including the fact that your customers’ sensitive personal and financial information could be compromised, leaving them wide open to identity theft and credit card fraud.
To ensure that your hardware and point-of-sale software package are PCI compliant, PCI DSS requires that a quarterly scan be performed on your network, operating systems, processing software, servers and devices, including card terminals. The scan must be performed by an Approved Scanning Vendor (ASV) chosen from a list provided by the PCI SSC.
It’s important to note that when any part of the credit card processing network is noncompliant, all data within in is at risk of being breached. That’s why old, unsupported or obsolete payment terminals that do not meet PCI DSS requirements should be replaced. If a merchant continues to use a noncompliant credit card machine and a data breach occurs, they face fines and penalties of hundreds of thousands of dollars in addition to jeopardizing the merchant account that enables them to accept credit cards. Ultimately, they may suffer damage to their reputation, lost customers and missed sales that could lead to the demise of their business — all because they didn’t invest the effort to become and remain PCI compliant.
As a merchant or service provider who accepts credit cards and other forms of electronic payment, it is your responsibility to make sure that your operation complies with the PCI DSS. At Merchant Express, we work with all our merchants to help ensure that their credit card payment systems are secure and compliant. Talk to one of our representatives to learn more.