PCI Compliance

PCI Compliance from EarthLink Business

PCI Compliance was originally engineered as a joint venture of several major credit card companies, including Visa, MasterCard, AMEX and others, to protect cardholder information and reduce data theft and fraud.  While the initial version was released in 2004, two updated versions of the standard have been released since; the most current release occurred in January of 2014.  PCI compliance is mandatory for all organizations that accept Visa and MasterCard credit cards.  If a retailer is found to be noncompliant, it could incur significant fines and be restricted from transacting Visa and MasterCard business until compliance is achieved.

What comes to mind when you think about a data breach?  For me, I think about large companies.

In January of 2014, it emerged that Neiman Marcus's in-store customers who had used credit and debit cards were hacked, and the personal information of as many as 350,000 customers was compromised.   The breach occurred when malicious software installed on the Neiman Marcus system collected payment card data from customers who transacted between July 16, 2013 and October 30, 2013.

I believe the shock waves continued as we heard about similar breaches at Target, Sally Beauty, Michaels, UPS, Home Depot, JP Morgan Chase, Kmart, Staples and Sony, to name a few.

Data breaches were a top story that troubled the credit card industry throughout 2014.

Merchants often underestimate the financial impact of a breach.  Some of the direct costs include mandatory forensic audits, credit card replacement, fees, fines and breach remediation.

While most retailers are aware of PCI Compliance, many lack the essential safeguards required to achieve it.  PCI Compliance is not a one-time achievement; it is validated on an ongoing basis, and the terms of validation vary based on the number of annual credit card transactions.

EarthLink offers PCI Compliance Solutions!

EarthLink offers a full range of services to support merchants who wish to become PCI Compliant.  Solutions available include EarthLink's PCI Protect, which provides Level 2-4 merchants with $100,000 in breach protection per location (subject to per-occurrence and yearly aggregate limits of $500,000) to cover eligible expenses, as well as tools to validate PCI Compliance.

EarthLink's PCI Assist, part of their PCI Compliance Solutions Suite of products, is an optional add-on.  EarthLink also offers PCI Certify, a customized professional solution that can include a PCI gap assessment; an on-site security audit, also known as a Report on Compliance, that must be completed by a Qualified Security Assessor (QSA); and Level 2-4 Self-Assessment Questionnaires (SAQs) to document PCI Compliance status, reported annually.

The following is a list of thought-provoking questions that will help you identify whether or not your company needs ELB's PCI Compliance Solutions.

PCI Compliance 3.0 Readiness Assessment – EarthLink Business

1) Do you maintain a written description or diagram of how credit card data flows through your systems that includes any third parties that help maintain your company’s network or IT platforms?

Yes
No
Don’t Know

2) Do you maintain a list of third parties that are in scope for your PCI audit?

Yes
No
Don’t Know

3) Do you maintain an inventory of system components that are in scope for PCI (all hardware, software, etc.)?

Yes
No
Don’t Know

4) Do you have clearly defined security roles and responsibilities with all third party vendors that are in scope for your PCI audit?

Yes
No
Don’t Know

5) Does your company have policies and procedures in place to ensure third parties comply with PCI security standards?

Yes
No
Don’t Know

6) Does your company have a formal process for evaluating security risks?

Yes
No
Don’t Know

7) Has your company had third-party attack and penetration testing performed in the last 12 months by a company using an industry-accepted penetration testing methodology?

Yes
No
Don’t Know

8) Are authentication mechanisms such as physical security tokens, smart cards, and certificates linked to an individual account and assigned to an individual employee?

Yes
No
Don’t Know

9) Does your company use network segmentation to reduce risk to your PCI environment?

Yes
No
Don’t Know

10) Does your company have a process that protects POS devices or detects POS device tampering?

Yes
No
Don’t Know

If you answer NO to more than 3 questions, we invite you to contact Caleidoscope and let us help you get set up with ELB’s PCI Compliance products and services.

To learn more, speak to a Network Consultant at Caleidoscope Solutions.  We are an authorized EarthLink Business representative and can advise you about PCI Compliance Solutions from EarthLink Business.