Maintaining PCI Compliance during good times can be a chore, especially for small business owners, who usually have no IT department to help keep their POS software and POS hardware secure from malicious entities. Maintaining secure systems will deter all but the most dedicated hackers and thieves. So here are a few steps that anyone can take to help secure their business and their customers’ information.
1. Network – Make sure that your router is not using the vendor default password that it comes programmed with. Change it to a password that has at least 7 characters and includes a number and at least one capital letter. A router is a hardware firewall. If it is secured using these guidelines it will prevent the majority of intrusions.
2. Anti-Virus – Make sure you have an anti-virus software program on your computer at all times. Make sure that it’s not turned off or disabled, and that it is always up to date. Having up-to-date anti-virus software will help keep you secure from most viruses that could be used to breach your data or harm the operation of your POS system.
3. User Control – Make sure that users, both in Windows and in the software that you are using for your system, are restricted to only the functions that are necessary to operate the point of sale system and to do their job. A basic cashier does not need access to credit card batching information; use the employee controls built into your chosen POS software to deny them that access. All passwords for users should follow the secure password formula: a password that has at least 7 characters including a number and at least one capital letter. You should change your password every 90 days, and never reuse your passwords. Deleting the user IDs for terminated employees from your software within 48 hours of termination is also a good rule to follow.
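An added example, not part of the original article or any POS vendor's code: a small Python audit of the user-control rules in step 3, run over a constructed account export. The record fields, role names and function names are assumptions; password reuse is not checked here because that needs the stored password history.

```python
from datetime import datetime, timedelta

MAX_PASSWORD_AGE = timedelta(days=90)      # rotation interval from step 3
DEPROVISION_WINDOW = timedelta(hours=48)   # removal deadline from step 3
# Assumed role-to-function map; replace with the roles your POS software defines.
ALLOWED = {"cashier": {"ring_sale", "refund"},
           "manager": {"ring_sale", "refund", "card_batching", "user_admin"}}

def meets_formula(password):
    """At least 7 characters, one digit and one capital letter."""
    return (len(password) >= 7 and any(c.isdigit() for c in password)
            and any(c.isupper() for c in password))

def audit(accounts, now):
    """Return sorted (user, finding) pairs for accounts that break the rules."""
    findings = []
    for a in accounts:
        term = a.get("terminated_at")
        if term is not None:
            # Terminated staff: the only question is whether the ID is gone in time.
            if a["enabled"] and now - term > DEPROVISION_WINDOW:
                findings.append((a["user"], "terminated over 48h ago, ID still active"))
            continue
        if now - a["password_set"] > MAX_PASSWORD_AGE:
            findings.append((a["user"], "password older than 90 days"))
        extra = set(a["functions"]) - ALLOWED.get(a["role"], set())
        if extra:
            findings.append((a["user"], "excess access: " + ", ".join(sorted(extra))))
    return sorted(findings)

# Constructed sample export; not real data.
NOW = datetime(2024, 6, 1, 9, 0)
SAMPLE = [
    {"user": "alice", "role": "manager", "enabled": True, "terminated_at": None,
     "password_set": datetime(2024, 4, 15), "functions": ["ring_sale", "card_batching"]},
    {"user": "bob", "role": "cashier", "enabled": True, "terminated_at": None,
     "password_set": datetime(2024, 1, 10), "functions": ["ring_sale", "card_batching"]},
    {"user": "carol", "role": "cashier", "enabled": True,
     "terminated_at": datetime(2024, 5, 28, 17, 0),
     "password_set": datetime(2024, 5, 1), "functions": ["ring_sale"]},
    {"user": "dave", "role": "cashier", "enabled": True,
     "terminated_at": datetime(2024, 5, 31, 17, 0),
     "password_set": datetime(2024, 5, 1), "functions": ["ring_sale"]},
]

if __name__ == "__main__":
    for user, finding in audit(SAMPLE, NOW):
        print(f"{user}: {finding}")
```

Run against a fresh export on a schedule, the same checks show stale passwords, excess cashier access and lingering IDs before an assessor or an intruder finds them.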
Following these simple steps is a must for meeting the PCI Compliance checklist. The steps outlined not only protect your customers’ data and your data from a breach, but they also protect you from lawsuits and possible fines for not following the required PCI Compliance Guidelines.