Be Ready for PCI Changes Coming July 1
Just a friendly reminder to those who process credit card transactions that July 1 is a key date, in terms of security compliance. On this date all North American merchants who process transactions must be making use of Payment Application Data Security Standard (PA-DSS) verified payment applications, in support of the Payment Card Industry Data Security Standard (PCI DSS). A payment application is anything that processes a credit card transaction. For example, the machine that swipes a credit card in a gas pump and the point of sale (POS) device at a convenience store counter are both considered payment applications, and need to be certified. Failure to use verified devices could result in penalties.
Also, as this post over at NetworkWorld points out, all PCI DSS compliant businesses that are processing credit cards need to make sure that none of their Wi-Fi networks are using WEP (Wired Equivalent Privacy) to secure their access points after June 30, 2010. Current access points offer WPA or WPA2 (Wi-Fi Protected Access) as a security protocol; however, if you have older access points in your network, you need to make sure they are not using the deprecated WEP protocol, as it is not secure. Leaving such access points in place would jeapordize the PCI DSS standing of a merchant.
One last bit of PCI DSS news this month concerns the cycle at which updates to the PCI DSS standard will be published by the the PCI Security Standards Council. It was announced earlier this week that it will move to a three-year cycle when updating the technical standards for protecting payment card information. This new schedule will give merchants more time to adopt the changes, which has been a common request.
If you have questions about how to make sure your network is up to the task of providing compliant data security measures to safeguard your business and protect customer data, give us a call. We're ready to assist you with PCI DSS issues, and connect you to our PCI DSS approved payment processor extranet, which will ensure your business is using a secure network that is ready to protect the transactions your business relies on.