Wireless PCI Compliance:

The Payment Card Industry Data Security Standard

If your company handles payment card transactions or cardholder data, you need to be PCI DSS compliant. These security standards were put in place to protect consumers from businesses being negligent with their personal information.

Many states are now making these standards a part of their laws. Being negligent opens your company up for a potentially costly lawsuit, and when you are transmitting information wirelessly, you may not even realize you're being negligent. A security leak can also severely damage customer relations and business reputation.

Aside from state laws, the PCI DSS is enforced by the PCI SSC, the Payment Card Industry Security Standards Council. This is an independent organization that was created through the combined effort of all the major payment card brands. These include Visa, MasterCard, American Express, Discover, and JCB. If you're found to be out of compliance, these payment brands may decide to fine your acquiring bank between $5,000 and $100,000 per month. The bank will then apply the fine to the merchant's account, as well as further penalties at the bank's discretion. These penalties can destroy a business.

Wireless PCI DSS Regulations

We at Bar Code Integrators, Inc have years of experience helping companies comply with the wireless PCI DSS. These regulations are precise and have specific deadlines, and they apply even if you only accept cards over the phone, only use third-party processors, only accept debit cards, already have an SSL certificate, accept payment cards over the internet, or handle any volume of card transactions at all. The wireless guidelines were first published separately in 2009 and apply to any environment with a wireless local area network (a wireless LAN, or WLAN) in a cardholder data environment (a CDE). A CDE is any area that handles debit or credit card data. Your network will fall under various classifications, which require different actions. Scanning, alert monitoring, and the preparation of an incident response plan may be necessary, depending on the size and security of your CDE.

Your Company's IT Security

PCI DSS is meant to protect consumers from negligent businesses, and to protect businesses from vulnerabilities to scams, hackers, and other thieves. It's also meant to prompt businesses to consider their IT security so they don't fall victim to other attacks. Becoming wireless PCI compliant doesn't only protect the cardholder data you process; it also strengthens your company's security in its own right, making your own proprietary and confidential information much harder for someone to steal.

Following the spirit and the letter of the PCI DSS to increase your security standards could save your company millions. This applies especially if you are running a small business from your home, as home businesses are usually the least protected. Quarterly scans need to be submitted to continue ensuring the safety of your company and your customers. To schedule an appointment with BCI, Inc, call us at 847-615-2933 or write us using the contact form below.
