Understanding Your Risk - Protect In-House Access to Your Card Data

By Lynn Skurla Perkins | Mar 13, 2019 1:12:26 PM

Here is the next in the series from the PCI Council's -  How to Protect Your Business With These Security Basics.

Security risks are everywhere these days - everyone up and down the chain is affected.  At Skurla's Point of Sale Solutions, we take security very seriously - and wanted to share some resources from the PCI Security Council.  

This month's topic:  Understanding Your Risk - Protect In-House Access to Your Card Data.

PRIVILEGE ABUSE IS THE TOP ACTION LEADING TO BREACHES – ABOUT 55% OF ALL INCIDENTS REPORTED.

Here is a list of recommendations from the Council:

ACCESS CONTROL IS ALL IMPORTANT. Set up your system to grant access only based on a “business need-to-know.” As the owner, you have access to everything. But most employees can do their job with access only to a subset of data, applications, and functions.

LIMIT ACCESS to payment systems and unencrypted card data to only those employees that need access, and only to the data, applications and functions they need to do their jobs.

KEEP A LOG. Track all “behind the counter” visitors in your establishment. Include name, reason for visit, and name of employee that authorized visitor’s access. Keep the log for at least a year.

SECURELY DISPOSE OF DEVICES. Ask your payment system vendor or service provider how to securely remove card data before selling or disposing of payment devices (so data cannot be recovered).

SHARE THIS INFORMATION. Give this guide to your employees and business partners so they know what is expected.

Read More >

Understanding Your Risk - Use Trusted Business Partners

By Lynn Skurla Perkins | Feb 26, 2019 11:50:11 AM

Here is the next in the series from the PCI Council's -  How to Protect Your Business With These Security Basics.

Security risks are everywhere these days - everyone up and down the chain is affected.  At Skurla's Point of Sale Solutions, we take security very seriously - and wanted to share some resources from the PCI Security Council.  

This month's topic:   Use trusted business partners and know how to contact them.

It’s critical you know who your service providers are and what security questions to ask them.

Here is a list of recommendations from the Council:

Read More >
COMMENTS
Download our free Purchasing Point of Sale Checklist!
Free Purchasing POS Checklist