How to maintain PCI compliance
April 24, 2015

Small businesses need to maintain compliance with the Payment Card Industry Data Security Standard. Security is increasingly important as the number of data breaches grows. Even if retailers were not impacted by a breach, they likely experienced security incidents. Forty-five percent of U.S. consumers received a notification from a card issuer in 2014 to indicate that their card information had been intercepted in a data breach. Avoiding security risks helps retailers preserve their reputations with customers. Merchants should also review their current credit card processing software for potential risks.

In its annual "PCI Compliance Report," Verizon found PCI compliance is increasing across the board, but there is still room for improvement. Four out of five companies failed to meet PCI standards during interim assessments. Current strategies to mitigate risk may not be sufficient, especially because the research indicates companies' PCI compliance is not sustainable. After successfully adopting PCI standards, only 28.6 percent of businesses were still in compliance after one year.

What can retailers do to maintain PCI standards?
The PCI DSS provides a framework for retailers to protect payment card data. Earlier this year, PCI 3.0 went into effect to strengthen companies' awareness of data threats. In particular, PCI 3.0 addresses educating businesses on the importance of strong passwords, according to CSO. Weak passwords expose retailers to potential vulnerabilities, but they are easier to avoid than many other risks.

In addition, PCI 3.0 offers a new methodology for penetration testing. This approach is critical for defending against cyberattacks.

Although EMV cards are expected to reduce the risk of fraud, retailers need to take steps to protect stored credit card information in their point-of-sale systems. Merchants should limit the amount of data they store and utilize encryption. Additionally, retailers must protect the keys used to decrypt the data.

New technology could help protect merchants and consumers
In addition to EMV, some new developments could help retailers maintain PCI compliance and protect customers. The Verizon report described 3D Secure, which would require cardholders to enter a password to complete a transaction. While this tactic has been widely used in e-commerce, it is not as common in brick-and-mortar stores.

Moreover, tokens will be implemented along with the EMV transition. EMV-enabled POS terminal systems will use dynamic data to replace card information with a token for the transaction.
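As an added example (not code from this article, from Verizon, or from the PCI Security Standards Council), the following Go program puts the two recommendations above into practice: limit what is stored, encrypt what must be kept, and keep the key away from the data. The merchant's own record holds only a random token and a masked PAN; the full PAN lives AES-GCM-encrypted inside a separate vault whose data-encrypting key the merchant database never sees. The vault API, the type names, the in-memory map and the 32-byte demo key are assumptions made for illustration; a real deployment would wrap that key with one held in an HSM or KMS and audit every call that turns a token back into a PAN.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"strings"
)

// maskPAN keeps only the first six and last four digits, the most that
// PCI DSS permits a merchant system to display.
func maskPAN(pan string) string {
	if len(pan) < 10 {
		return strings.Repeat("*", len(pan))
	}
	return pan[:6] + strings.Repeat("*", len(pan)-10) + pan[len(pan)-4:]
}

// Vault is the only component that ever holds full PANs. It keeps them
// encrypted under a data-encrypting key (DEK) that the merchant database
// never sees; wrapping the DEK in an HSM/KMS is assumed, not shown.
type Vault struct {
	aead    cipher.AEAD
	entries map[string][]byte // token -> nonce || ciphertext (single-goroutine demo; add a mutex in a server)
}

func NewVault(dek []byte) (*Vault, error) {
	block, err := aes.NewCipher(dek) // 16-, 24- or 32-byte key
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Vault{aead: aead, entries: make(map[string][]byte)}, nil
}

// Tokenize encrypts and stores the PAN and returns a random, opaque token
// that carries no information about the card.
func (v *Vault) Tokenize(pan string) (string, error) {
	if len(pan) < 13 || len(pan) > 19 || strings.Trim(pan, "0123456789") != "" {
		return "", fmt.Errorf("invalid PAN")
	}
	raw := make([]byte, 16)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	token := hex.EncodeToString(raw)
	nonce := make([]byte, v.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	// The token is bound in as associated data, so a ciphertext copied
	// onto another token's record fails authentication on decrypt.
	ct := v.aead.Seal(nonce, nonce, []byte(pan), []byte(token))
	v.entries[token] = ct
	return token, nil
}

// Detokenize is the only path back to a full PAN; restrict and log its callers.
func (v *Vault) Detokenize(token string) (string, error) {
	ct, ok := v.entries[token]
	if !ok {
		return "", fmt.Errorf("unknown token")
	}
	ns := v.aead.NonceSize()
	pt, err := v.aead.Open(nil, ct[:ns], ct[ns:], []byte(token))
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

// StoredCard is everything the merchant's own database keeps: no PAN, no expiry, no CVV.
type StoredCard struct {
	Token  string
	Masked string
}

func StoreCard(v *Vault, pan string) (StoredCard, error) {
	token, err := v.Tokenize(pan)
	if err != nil {
		return StoredCard{}, err
	}
	return StoredCard{Token: token, Masked: maskPAN(pan)}, nil
}

func main() {
	dek := make([]byte, 32)
	rand.Read(dek) // constructed demo key; never hard-code a real DEK
	v, _ := NewVault(dek)
	card, err := StoreCard(v, "4111111111111111") // constructed test PAN
	fmt.Println(card.Token, card.Masked, err)
}
```

The point of the split is that a compromise of the merchant database yields tokens and masked numbers only, and a compromise of the vault's ciphertexts without the key yields nothing usable; the associated-data binding also means an attacker who can rewrite vault rows cannot re-point one customer's token at another customer's encrypted PAN without the decrypt failing.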

The use of credit cards is increasing, but so are data breaches, according to Verizon. Retailers need to be aware of new technology that can help them maintain stronger compliance.
