Why You Should Prioritize PCI Compliance Now

We are all amid a global pandemic right now. Businesses are struggling to remain viable or reopen safely as quickly as possible. It’s no wonder that those major issues remain top of mind for business leaders everywhere.

There’s one very particular area you simply can’t neglect right now: PCI compliance. But why bother about PCI when the large majority of the business world is just working to keep its head above water?

It all comes down to risk and how to handle it. At a baseline level, risk is any situation that exposes us to danger. Today, many of us are facing high levels of risk in both our professional and personal lives.

Compliance can make a big impact

If you work in a large organization, you might have an entire dedicated risk management team. If you work in a small business, you might form the entire team by yourself. Either way, focusing on PCI compliance is a good way to enhance risk management.

In addition to helping you manage risk, concentrating on PCI compliance can positively affect your bottom line by empowering you to:

1. Reduce incidents of internal theft
2. Help stop cyber threats
3. Prevent fines, fees, and legal risk

1. Reduce incidents of internal theft

One complex issue in many retail settings is how to manage internal risk. This includes thinking about how to reduce employee “shrink.” Carefully adhering to PCI controls can help you identify employee shrink quickly and reduce it.

Here are two tips to help you get started:

Limit access. Implement least-privilege access and avoid giving full admin rights on your POS systems and back-office computers. Stores must become much better at limiting employee access to PCI-scoped equipment to an as-needed basis.

Keep your site cameras in good working order. Always make sure cameras cover your registers, back-office computers, and the network devices that connect them all. Cameras are both a strong deterrent and a good record of activity.

2. Help stop cyber threats

Have you seen all the current reports on rising cybercrime during the pandemic? We’re also seeing more phishing attacks along with attacks on remote environments. You can lessen this risk by following some basic PCI compliance guidelines, such as:

Segment key parts of your network. Unless required, your POS systems shouldn’t directly talk to anything else on the network. For example, someone shouldn’t be able to access your guest Wi-Fi and remotely log into your POS. Tightening your segmentation controls can stop hackers from easily accessing critical financial and customer data through less-secure systems.

Use multi-factor authentication (MFA). If someone can guess or steal your username and password, MFA still requires them to have your phone or another second factor before they can get at your data. That’s why MFA is probably the greatest security enhancement you can make.

Clearly define strong firewall rules. You should always try to limit unauthorized traffic on your network. Continually tighten your firewall rules to help stop intrusions.
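As an added example (not from the article), here is a small first-match policy evaluator that checks the segmentation and firewall points above: a flat "allow everything" ruleset is compared with a segmented one, and the check confirms that guest Wi-Fi can no longer reach the POS segment. The segment addresses, segment names and the single allowed management port (443 from the back office) are constructed assumptions, not values from the article.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed example segments (assumed addressing, not from the article).
SEGMENTS = {
    "guest_wifi": ipaddress.ip_network("192.168.50.0/24"),
    "back_office": ipaddress.ip_network("10.10.20.0/24"),
    "pos": ipaddress.ip_network("10.10.10.0/24"),
}

@dataclass(frozen=True)
class Rule:
    src: str               # source segment name, or "any"
    dst: str               # destination segment name, or "any"
    port: Optional[int]    # TCP port, None means any port
    action: str            # "allow" or "deny"

def segment_of(ip: str) -> str:
    """Map an IP address to the segment it belongs to."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "unknown"

def evaluate(rules, src_ip: str, dst_ip: str, port: int) -> str:
    """First matching rule wins; nothing matching means implicit deny."""
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    for r in rules:
        if r.src in (src, "any") and r.dst in (dst, "any") and r.port in (port, None):
            return r.action
    return "deny"

# Weak ruleset: a flat network where guest Wi-Fi can reach the POS segment.
WEAK_RULES = [Rule("any", "any", None, "allow")]

# Segmented ruleset: only the back office reaches POS, only on the one
# management port it needs (assumed 443); everything else is denied.
SEGMENTED_RULES = [
    Rule("back_office", "pos", 443, "allow"),
    Rule("guest_wifi", "pos", None, "deny"),
    Rule("guest_wifi", "back_office", None, "deny"),
    Rule("any", "any", None, "deny"),
]

def segmentation_check(rules) -> dict:
    """Verdicts for the paths a PCI reviewer would want confirmed."""
    return {
        "guest_to_pos": evaluate(rules, "192.168.50.23", "10.10.10.5", 443),
        "backoffice_to_pos": evaluate(rules, "10.10.20.7", "10.10.10.5", 443),
        "backoffice_to_pos_ssh": evaluate(rules, "10.10.20.7", "10.10.10.5", 22),
    }
```

Running `segmentation_check` against both rulesets shows the guest-to-POS path flipping from "allow" to "deny", while the back-office management path stays open only on the intended port.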

3. Prevent fines, fees, and legal risk

If your Self-Assessment Questionnaire (SAQ) shows any gaps in PCI compliance, you can bet that your bank will notice. And if they think you’re non-compliant, expect to incur fines and perhaps higher transaction fees for card processing. Non-compliance can also expose you to costly legal issues.

We all probably have enough risk to worry about right now without adding PCI compliance risk to the list. The best tip I can share is to do your homework and seek out expert guidance on ways to better manage risk. There are many excellent resources, such as the PCI DSS guidelines, that you can tailor to fit your particular business needs.

Source: CPO Magazine