Wednesday, October 6, 2010

PCI Update

PCI is here to stay. Much has and continues to be written about the PCI Standards, as it is constantly evolving and changing. The goal this month is to point out some of the recent changes and to have you re-evaluate your thoughts that “this won't happen to me” or that “I can worry about that later.”


The July 1, 2010 timetable has passed for ensuring that your pin pads are now PED compliant and processing with Triple DES encryption. Hopefully all retailers have done the upgrade to their pin pads; some retailers have found that the needed pin pads are in short supply. The processors have said they do not intend to fine for non-compliance at this time so there is a sort of temporary reprieve. This does not mean that you should not complete this update as well as be compliant with the new rules which will take effect January 2011.

Earlier this year in an article the two year cycle for PCI requirements was discussed. Due to feedback from different organizations, the PCI council has changed the process to three years in order to match other similar processes that are ongoing. This means you may no longer be compliant due to the changes made to the standards. Also as the industry has learned more about the requirements as well as the methods to meet those requirements, it will be very beneficial to work with your card processors and POS vendors to be sure that all is in order today.

Some software versions that were PCI compliant even just last year may no longer be listed as compliant today. This will continue for the foreseeable future, so just one upgrade does not mean you are set forever. Instead you should consider upgrading as often as every other year to stay up to date. Also keep in mind that the software is only part of 1 of the 12 steps which must be reviewed regularly.

The problem of credit card data theft continues. Even with strict adherence to PCI requirements, your business could be next. There are at least two benefits to being PCI compliant, first you are less likely to be victimized and second you have protections in place when you are. Please call us today at (607) 757-0181 for information on our programs that have been reviewed and certified as fully PCI compatible.

https://www.pcisecuritystandards.org/index.shtml