One of the most difficult things about trying to run a business in the midst of the technological revolution is trying to keep up with all of the different compliance requirements necessary to protect customer information and avoid fines. At the beginning of the year, the Payment Card Industry Security Standards Council released their PCI 3.0 revision, which included new requirements that take effect at the end of next month. With only a few weeks until June ends, businesses that are unprepared risk fines and other repercussions if they don't act quickly to comply with the new standards.
Five new requirements are being put into effect, including changes in Web security standards and monitoring techniques. According to the cybersecurity firm Trustwave, enterprises that suffer a data breach once the new requirements have taken effect can expect between $100,000 and $500,000 in fines from the credit card companies on top of the 8 percent to 19 percent customer churn rate that comes as a result of retail security breaches.
"Companies that don't meet the new requirements can be fined as much as $500,000."
The increased emphasis on security and compliance is causing businesses to do everything possible to avoid negative consequences. A lot of information is covered in the new PCI requirements, so here are five big changes coming at the end of June.
1) Unique credentials for all employees
While PCI has always required each employee to have their own login credentials for sensitive systems, third-party service providers are now also being held to this standard. Now each employee has to have their own unique account as well as different user accounts for each customer they work with. This way, if cybercriminals are able to crack one password, they won't have access to every account.
2) Accept responsibility for customer data
Where third-party service providers previously operated mostly on an honor system, they must now acknowledge in writing that they will be held responsible if anything happens to cardholder information.
3) Protect payment terminals
While businesses have always been required to ensure their point-of-sale terminals were secure, there is a new requirement that calls for devices to be inspected at regular intervals to ensure nothing has been tampered with and systems have no vulnerabilities.
4) Customers must be logged out
When customers use a merchant's public kiosk at an airport or mall, they can often close out of browsers without logging out of an account, leaving them at risk. A feature must be added to automatically log out a customer after a certain period of inactivity, and an account must be locked after three to five unsuccessful login attempts to prevent hackers from trying an unlimited number of passwords.
5) Use penetration testing on PCI environments
Penetration testing has been required for some time now, but the new regulations offer improved guidance for what exactly that means for businesses. The focus is now to test from all internal locations that aren't part of the cardholder environment and check the walls built to keep the PCI environment protected from everywhere else.
One of the best ways for companies to make sure that they are remaining PCI compliant is by implementing a secure communication and document sharing solution like fax over IP. Cloud-based faxing is an alternative to traditional communication options that offers the ability to securely send and share customer financial information in a manner that meets PCI requirements. FaxCore, one of the most reliable FoIP service providers operating today, employs an encryption algorithm developed by the National Security Agency so documents sent by fax are secure while in transit and at rest. Once sent, the contents of a fax are stored on an organization's dedicated server and a database of shared information is created that can only be accessed by those with the encryption key. Faxes sent with a FoIP service can be received as an email on any connected device, making it not only a secure way to send customer messages but a convenient one also.
Enhance enterprise communication, collaboration and compliance efforts with a proven FoIP solution from FaxCore. Contact FaxCore today to learn more about their 'Partly-Cloudy' fax solutions.