6 PCI Compliance Tips for Small Business Owners

Kevin Todd | Merchant Processing

Restaurants, retail stores and websites that sell products need to be aware that the PCI (Payment Card Industry) compliance rules are changing on June 30, 2018. If you have a POS system, a physical terminal, or accept payments online (eCommerce), your business must be compliant before July 1, 2018.

PCI compliance is a security standard set up to ensure that your customers’ data is handled safely. Any merchant who accepts credit cards must be PCI compliant. By being compliant, you protect your customers’ personal card data and assure them that your business is a trustworthy establishment.


How can you ensure PCI Compliance?

1. Change your password often: This may seem like a simple suggestion, but many businesses never change the generic “1234” password they use to enter sales into their system. Change these stock passwords ASAP, and establish a routine of changing the password on a set schedule (every 90 days is a good general rule).

2. Use a firewall: With WiFi networks in use everywhere, data can easily be accessed if a business is not careful. Installing a firewall can ensure cardholder data doesn’t become exposed to other businesses, guests or someone looking to steal your customers’ information.

3. Update your POS software or physical terminal: Cloud-based systems will be updated automatically from the old SSL standard to the newly required TLS standard. What this means is that you will need to do one of the following:
- Ask your provider to download, install and troubleshoot updates during off hours and before service, so you don’t hold up any of your customers.
- Upgrade to a new system.
- Do nothing and not be able to accept payments via credit card on July 1st.

4. Cardholder information is seen by select staff only: Staff should only swipe or insert the card, process the payment and then return the card. If anyone has access to cardholder data (preferably only management), ensure they only see it outside the view of other staff members.

5. Keep transactions out of public view: Card processing should ALWAYS be kept out of public view. This may seem like a “no-brainer,” but many retailers and restaurants fail to take this into consideration.

6. Ecommerce sites need to switch from SSL to TLS: If your webpage is still running on the old SSL (Secure Sockets Layer) version, you need to switch it over to TLS (Transport Layer Security). Try to do this before the end of April, so you are not feeling the “pinch” of the June 30th deadline.

Ensuring PCI compliance may seem like a lot to consider and stress out about, but don’t worry about the upcoming changes. Most of these items will only take a few minutes out of your day.

Merchant Match Charity is here to help walk you through the compliance process or discuss options on updating your legacy POS or terminal system to ensure compliance.