PCI DSS stands for the Payment Card Industry Data Security Standard, and every retailer using EPOS solutions needs to be aware of what PCI DSS entails.
Seeking to prevent fraud across the retail industry
PCI DSS is so important because the major card providers Visa and Mastercard both insist that electronic retailers follow its standards. Because it sets out to ensure that users of electronic payment systems are protected from data breaches and other security problems, complying with PCI DSS should be a no-brainer for anyone adopting EPOS.
Tightening every link in the payments chain
When applying PCI DSS standards, retailers need to look at every point along the payment chain where customers' vital information could be lost to fraudsters. One obvious point is the card reader itself. The data encoded on a credit or debit card can be copied onto other cards and used by fraudsters, so retailers are required to take certain steps to make sure that their readers cannot be used to do this. Vital information includes the card's expiration date, its Primary Account Number (PAN) and the security code printed on the back of the card.
Think about how PCI DSS relates to staff and network security
However, PCI DSS is not all about the card reader. Retailers are also asked to look at the security of physical data (such as paper records) and the security of their online databases. Wireless routers have been highlighted by PCI DSS as one area of particular concern. Another area of vulnerability is staff training, and PCI DSS recommends that all staff are trained to prevent fraud. The general idea is that private credit or debit card data should be protected at all times.
Compliance with PCI DSS should be stress-free
Learning about what PCI DSS requires is not difficult. Merchants can complete a simple questionnaire covering each area of compliance. A list of approved card payment readers is also provided on the PCI DSS website, and useful guidelines are set out very clearly. For example, it is recommended that firms never store customers' payment details on paper, and that any wireless routers are firmly secured with encryption and strong passwords. To prove that they are compliant, firms then have to make a brief report to their banks and credit card companies. It shouldn't be too painful, and it can save a lot of trouble down the line.
Not complying with PCI DSS can lead to criminal prosecutions and bankruptcy. After all, customers take a dim view of firms that hand their personal details to fraudsters. So any firm installing EPOS systems should ensure that it is PCI DSS compliant as soon as possible.