How Compensating Controls Can Help with Complying with PCI Data Security Standards

by | Oct 25, 2019 | Software Company

If you are a merchant who accepts credit cards, then you need to securely store customers’ information. Major credit cards require business owners to follow the Payment Card Industry’s Data Security Standard (PCI DSS). The Payment Card Industry Security Standards Council considers payment applications and PIN devices the acceptable places to store this information. Read on to find out how compensating controls can prevent security breaches.

Identify Controls

Part of PCI DSS compliance is maintaining compensating controls. A system that uses a shared login is at risk of misuse. There are several steps to take to reduce this risk. The steps include changing passwords frequently, limiting shared account usage, restricting the shared account to administrative tasks, and preventing the shared account from logging into the main system. To meet PCI DSS standards, you will need to identify and document controls.

The Four-Part Criteria

A compensating control must satisfy certain criteria. These four-part criteria were established by the PCI Security Standards Council. First, it must meet the requirements of the Payment Card Industry’s Data Security Standard. Next, the control must provide a level of defense that meets the standard. Third, it must go above the PCI DSS requirement. Last, the control must be commensurate with the additional risk of not adhering to the requirements of PCI DSS.

Document Controls

It can be difficult to document a compensating control. This documentation method requires effort and can get expensive over time. However, you can maintain the integrity of customers’ financial information by utilizing this method.

Writing down credit card data in a file is not a secure way to store this information. It allows anyone to gain access to customers’ financial data. If you do not follow regulations, then you will have to pay fines. Contact Virsec at www.virsec.com to protect your customers’ information from theft.
