We had a potential client approach us recently about performing a PCI compliance audit. They are a smaller operation that accepts credit cards, so their processor requires that they maintain compliance.
A PCI audit is an assessment of your infrastructure to answer questions on your self-assessment questionnaire.
Even a business that only has a single iPad on the network to accept credit cards is required to maintain compliance with the Payment Card Industry Data Security Standard (PCI DSS).
Intuit states that “QuickBooks applications are secure, however, there are other applications that may compromise the security of your environment. Note that use of QuickBooks Payments services doesn’t mean that you are PCI DSS compliant already.”
Compliance is required of all organizations that store, process, or transmit credit card data, including financial institutions, merchants and service providers. The PCI DSS applies to all payment channels, including retail (brick-and-mortar), mail/telephone order, and e-commerce.
Many businesses have software that runs on a computer or iPad, with a credit card reader attached to that computer. This configuration requires that all computers and devices on that network be PCI DSS compliant.
Part of the audit is to perform quarterly scans of external facing connections (IP addresses), your internal network, and your wireless network by an approved scanning vendor.
However, if you do not have an on-staff IT department, these scans and the associated reports can be costly.
So, what is the best way to avoid these costs? Get a credit card reader that operates over a phone line.
This will put the PCI DSS requirement on the vendor that you are processing the credit cards with. Since the devices do not touch your network, you do not have to maintain compliance on your computer network.
And while it is nice to maintain the security standards set forth by PCI DSS, it is nicer to avoid the costs for scanning and the worry of having to complete the PCI DSS Self-Assessment Questionnaire.
So, while it is a loss for our company not to complete the project for them, the most cost-effective solution for them was to make a small change in their processes and remove the long-term responsibility of compliance.
If changing your processes is not an option and you must use your computer network to process credit cards, contact us so that we can take the hassle out of completing your questionnaire.
We at Advanced Systems Solutions have helped to ensure that many different types of organizations are PCI DSS compliant. If you’re looking for a support company to ensure you are compliant, with unmatched customer service, please contact us. We love to help!
Like our Facebook page by clicking on the icon at the top right of this page to stay up to date with current alerts and information!
Disclaimer: The above information is not intended as technical advice. Additional facts or future developments may affect subjects contained herein. Seek the advice of an IT professional before acting or relying on any information in this communiqué.