PCI – What Small Businesses Need to Know About Compliance
PCI, or PCI DSS as it is formally known, is a set of security standards voluntarily implemented by a consortium of major credit card processors in an effort to reduce credit card number theft, and to prevent related identity theft.
In the face of growing identity theft problems, the card companies formed the PCI Security Standards Council in 2006, and released the first version of the standards in 2007. These standards apply to all businesses and organizations that accept credit cards.
The following is a summary of the major points of the standard:
Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks
Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications
Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data
Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes
Requirement 12: Maintain a policy that addresses information security
While necessary to help reduce identity theft, implementing these standards can be an expensive and daunting task, particularly for the small business. The penalties for failing to comply are equally scary, including loss of the ability to accept credit cards, and large fines imposed by the major card processors.
Compliance is not easy for anyone, but there are tips and shortcuts which can help ease the pain for small businesses. My recommendations include:
- Don’t store any credit card numbers at your facility in any form (electronic or paper) beyond the transaction unless required. By not storing credit card numbers in your facility, you are subject to a somewhat simpler form of the standard.
- Install a firewall. A firewall is relatively cheap protection, and is the most fundamental requirement of PCI. It is explicitly mandated under Requirement 1, and necessary for meeting some of the other requirements. Look for a professional firewall such as Sonicwall, rather than a consumer model.
- Look for a security policy template on the Internet, and customize it for your use. You can usually find an inexpensive consultant to help you with the customization to save time.
- Make certain you have active anti-virus licenses on all systems, and verify that they are set to obtain updates automatically. I recommend sticking with one of the major anti-virus companies such as McAfee, because their size usually allows them to respond to new outbreaks more rapidly. Also, some firewalls enforce anti-virus checks, and filter viruses themselves. Using such a firewall adds an extra layer of protection.
- Use a third-party vendor to do a quick evaluation of your PCI compliance status. Do this before you schedule your penetration test as mandated under Requirement 11.
- Implement an employee security training program to make sure that your employees help you to continue to be in compliance. Such training is also helpful in protecting your business from other security issues.
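One way to check that the first tip above is actually holding, that is, that no card numbers are lingering in logs, exports or support tickets, is a small scanner that looks for Luhn-valid card-number candidates and reports them masked. This is an added example, not part of the original article or the author's tooling; the pattern and the sample text are constructed for illustration.

```python
"""Find Luhn-valid card-number (PAN) candidates in text so a small business can
verify its "store nothing" approach. Added illustration with a constructed
pattern and constructed sample data."""
import re
from typing import List

# Candidate: 13-19 digits, optionally separated by single spaces or dashes,
# not adjacent to other digits (constructed pattern, tune for your own data).
_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check, which the PANs of all major card brands satisfy."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text: str) -> List[str]:
    """Return Luhn-valid PAN candidates found in text, digits only."""
    hits = []
    for m in _CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits


def mask_pan(digits: str) -> str:
    """First six / last four, so the findings report itself does not become
    stored cardholder data."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


# Constructed sample: a 16-digit order id that fails Luhn (not a card), a
# spaced-out Visa test number, and a dashed Mastercard test number.
SAMPLE = """
2009-03-01 10:12:03 order=1234567890123456 total=49.99
2009-03-01 10:12:04 note: customer read card 4111 1111 1111 1111 over phone
2009-03-01 10:13:10 refund to 5555-5555-5555-4444 processed
"""

if __name__ == "__main__":
    for pan in find_pans(SAMPLE):
        print("possible stored PAN:", mask_pan(pan))
```

Run it over exported logs, ticket dumps or spreadsheets; a hit means cardholder data is being retained somewhere and the simpler path to compliance no longer applies.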
PCI is a bit intimidating for small businesses and organizations, but compliance can be achieved, and it can be done economically.
For a more complete summary of the PCI requirements, you can view my 12 minute video PCI Primer. Also, visit my resource page for links to important PCI-related sites.
© 2009 eNable Business Solutions, all rights reserved
Robert C. Covington is a telecom and network security veteran, with over 20 years of experience supporting the telecom and network needs of businesses, from SOHO offices with a single employee, to large call centers. He was an early adopter of VOIP, first using it to support remote workers in 1998. He also implemented his first firewall shortly after the technology was commercially available.
He is currently the Founder and President of eNable Business Solutions (http://www.enablebusol.com), a company focused on providing end-to-end technology support for small businesses and organizations. His article, “Bringing Your Phone System Into the 21st Century”, was recently published in REV Magazine,