Data breaches remain at an all-time high as bad actors increasingly turn to sophisticated technologies to seek out gaps or weaknesses in business data environments. [1]
Consequently, it’s in our mutual best interest to do all we can to protect you and help you protect yourself from security threats. That is why all businesses that accept payment card data are required to become and remain Payment Card Industry Data Security Standard (PCI DSS) compliant, ensuring that core payment data security requirements and PCI best practices are in place at all times.
One of the most common data security misconceptions a business can have is that its payment data is secure because it validated PCI DSS compliance at some point in the past. In truth, PCI validation only reflects a point in time, so it is important to maintain a compliant posture on an ongoing basis, rather than treating it as a box to check off once in a while.
Dynamics that can impact previous compliance
Original data security precautions can be undermined by retail shifts in store setup and device additions, expansion of ecommerce services and administration of ecommerce activities, new payment access points and changes to operational procedures. Any one of these can leave a business more susceptible to security control failures, malicious attacks or accidental information leakage. We recommend that you:
- Create data security goals
- Assign responsibility for ensuring data security procedures are maintained
- Keep up with PCI DSS periodic scan requirements and periodic reviews
- Conduct security self-audits each time you make a physical or digital environment change
- Work with cybersecurity experts whenever possible for guidance and best practice tips
Is keeping up hard to do? We can help.
We recognize that maintaining PCI DSS compliance can take significant time and technical know-how. Elavon’s Safe-T security solution is a popular tool for our customers who want to do all they can to protect themselves and their cardholders.
Feel free to contact me with any PCI DSS or security solution questions you may have.
[1] https://www.ibm.com/security/data-breach