PCI Compliance is important to maintain year round, at all times. Any gap in PCI Compliance designation is a major liability for your business. Non-compliance can lead to many different consequences such as monthly penalties, data breaches, legal action, damaged reputation, and even revenue loss. Achieving and maintaining PCI Compliance, however, can be complicated and time consuming when not working with a payment processing expert that you can trust. REPAY strives to make PCI compliance as simple as possible for our merchants and partners. Here is a quick checklist in addition to this post to make sure you are getting started on your PCI Compliance for 2020 the right way.
In this blog, we provide a fun way to review your security systems and PCI Compliance touchpoints. However, we want to make one thing very clear: If you are not currently PCI Compliant, you need to fix this immediately, or better yet, yesterday. Every day that you are not PCI Compliant is a major liability for your business. This blog is not a guide to becoming PCI Compliant but instead a guide for our merchants who have already worked with our team, submitted their paperwork, and are now looking ahead. It is important to evaluate your systems constantly to maintain a safe and secure environment for sensitive cardholder data. This calendar for compliance is one method that we have seen used and thought that you might have an interest in.
January- Start the year on the safe side of credit card processing by being fully PCI compliant. Start with installing a Firewall/UTM device at all connections into the Cardholder Data Environment (if one is not currently in use). Next, make sure your vulnerability scanner is working properly. Find out the different influences that can interact with the security of your data and customers’ information. Make a list of all the people or organizations who could affect your cyber security.
February- Continue on the track of PCI compliance by developing an information security policy and conduct a PCI risk assessment. Find out all the places that credit card data is stored or processed in your system. Perform a formal risk assessment and seek out any weaknesses in the company/organizations cybersecurity.
March- Reduce the risk of a breach by creating a security awareness training program for the company to inform employees on the risks and safety of PCI compliance. If you already have a security awareness training program, now is a great time to do a refresher for your whole team. The employees who directly interact with payments or card data should be strongly educated on security and PCI compliance.
April- Update your security on inbound and outbound network rules to reduce the chance that someone can gain access to your systems. This will help protect your data. Setup an alarm or other security options to notify you when there is a possible intrusion. If you already have these systems in place, make sure they are functioning properly and research possible improvements that you can make. Try and keep your network locked down to only the ports and services that you need.
May- Test your security system to make sure it can withstand a potential breach. Review your incident response plan (IRP) and if you do not have an IRP now is the time to create one. This will help identify weak areas in your security that needs to be addressed. It will also give you a plan for what to do if something were to happen.
June- Check up on your yearly PCI compliance validation.
July- Manage who has access to your data system and update it accordingly. It is vital that only trusted members have access to this data. Review what sensitive materials you have on your servers like sensitive assets, remote access accounts, employee accounts, physical access, unused accounts, application accounts, and any other accounts that have access to your system.
August- A full penetration test can be performed to see the resilience of your system and point out weak spots that you may have overlooked. Attack all ports of entry and anywhere sensitive data is stored to see if entry is gained. Penetration testing can go much further than just a vulnerability scan can. It goes further than the automated process of trying to find simple vulnerabilities. Merchants must have a penetration test every year. Service providers validate their segmentation controls twice a year.
September- This is the time to fix any insecurities found from the penetration test and shore up any vulnerabilities in the system. This will strengthen your security by great lengths and minimize any future breaches from happening. The holidays are the most vulnerable time. Many breaches happen to companies during this cybercrime hike. Once fixing all potential vulnerabilities is complete, run the vulnerabilities test one more time to ensure that you have filled at least all medium-critical vulnerabilities and to make sure that no new vulnerabilities are present.
October- Consider ROI advantages of managed security services over in-house resources taking care of your security. Review options available to you and look for systems and solutions that provide better security than what you currently use.
November- This is the start of the holiday season which means if you are in retail it is time to make sure all physical security is up to date in your store. It is important that all members know the signs that indicate payment-related devices (terminals/POS/mobile swipers) have been tampered with or corrupted. Make sure all security components are up to date.
December- Congratulations! We have finished a year and should be more secure than ever before. Get ready for 2020: following this list will make the next year’s PCI Compliance process even smoother!
To protect and grow your business with credit card processing PCI-DSS Compliance, look no further than the experts at REPAY. We help remove the pain of becoming PCI compliant and work for you to reduce any fees you collect. REPAY is transparent and has fair policies around PCI Compliance to help our merchants become PCI Compliant as quickly and cost-effectively as possible. There is a lot of complexity to preparing and maintaining PCI Compliance. The average merchant should not try to do it all alone. Our REPAY team will help you develop a plan for your business to maintain PCI Compliance today and every day. Our free hands-on help provides one-on-one assistance that can’t be beat. We will do everything we can - just short of filling out the application for you, and that’s only because we can’t by law. Still, we will be there for you, on the phone to review step-by-step what you need to do so that you never have to feel PCI overwhelm ever again.
Learn how to get ahead of the curve with PCI Compliance and download our free Merchant’s Guide to PCI Compliance.
In this guide, we will cover the following PCI Compliance topics:
Contact REPAY today and learn how we can help your company with PCI Compliance and streamline your credit card payment processing.