Audits. The very word probably makes you shudder. No one likes it when the auditors come knocking at their door – you just know they’re going to ding you for something. But that only happens if you don’t take a moment to breathe and do a simple preparedness check ahead of time.
Is your business prepared for a PCI compliance audit?
If you accept credit cards, you must be compliant with the Payment Card Industry (PCI) data security standard. That extends not only to you and your employees, but to any other companies or individuals with access to your IT systems. If someone can access your data, they’re obligated to meet PCI compliance too.
First of all, you need to retain an audit-trail history for a time period that fits with your use and legal regulations. That’s different from business to business – you need to find out how long you need to maintain your records! The main thing that affects what you’re required to do for an audit is your PCI level:
- Level 4 – Less than 20,000 transactions per year
- Level 3 – 20,000 to 1 million transactions per year
- Level 2 – 1 to 6 million transactions per year
- Level 1 – Over 6 million transactions per year
Additionally, you need to be able to prove that you have the right IT security processes in place to maintain confidentiality and security for all your transactions. Are you using the right firewalls to protect your networks? Do you have encryption on any emails that might involve payment card information? Are all your systems properly secured against unauthorized access of data?
These are vital questions you need to answer before the auditors come knocking. If it turns out you’re non-compliant, banks and credit card institutions can impose fines ranging up to $500,000!
So how do you ensure you’re prepared for a PCI compliance audit? It’s simple: DO ONE YOURSELF. If you run your own audit before a mandated one comes along, you’ll discover any vulnerabilities or missteps while there’s still time to fix them.
The team at Hammett Technologies is here to help. We’re the experts in PCI compliance for Washington, DC or Baltimore businesses. We provide a full PCI compliance service:
- A risk assessment to improve your data security.
- Advice for staff training on security awareness, so your employees have the information and skills they need to meet the latest PCI standards and regulations.
- Notifications about potential vulnerabilities ranked by order according to their seriousness. This way, you can address the most important first.
Protect your customers, protect your employees, and protect your livelihood – Contact Hammett Technologies at (443) 216-9999 or firstname.lastname@example.org to ensure your Washington, DC or Baltimore business is prepared for a PCI compliance audit.