RottweilerSecurity
770.529.5678
PCI DSS Compliant Security Systems,
Point of Sale Terminals,
PCI Compliant Surveillance Camera Systems,
PCI Compliant Bundled Solutions,
Refrigeration Temperature Monitoring
PCI DSS COMPLIANCE & SECURITY
Retailers and businesses that process credit card information must take the necessary steps to guard that information as they process it. Proper planning will not only protect the information, keep your business from the fines associated with PCI Data Security Standard (PCI DSS) compliance but will also protect your businesses reputation from being ruined by a data breach.
Often business owners and managers do not take into consideration the soft assets that are "under-the-roof" of its business. Access to that information sometimes has more value than the hard assets that are within a business. Access to all areas of a business by every employee does not protect or guard the owners from the harsh financial penalties should a breach occur.
A simple Criminal Background Investigation helps protect businesses of newly hired employees that may expose or capture this information to be sold. Rouge employees and/or office cleaning personnel that may not have a clean police record places the company at risk. For your protection, restriction to the data within the company becomes critical. Keeping audit records and access times to certain areas or individuals puts an additional layer of protection for your business to insure PCI DSS compliance standards.
PCI DSS Compliance standards are the guidelines from protecting your clients data. This standard is enforced directly by the Payment Card Industry but also has requirements under the Red Flag Rules. If you take and receive credit card information you must meet PCI DSS Compliant Standards. We offer many of the necessary products to help you achieve this.
Retailers and Businesses must also have in place the following to protect your customer's credit card data and remain PCI DSS Compliant:
- 1. You must install and maintain a WEB Application firewall configuration to protect network data.
- 2. You must not use vendor-supplied defaults for system passwords and other security parameters in software.
- 3. You must protect stored data with encryption and keep storage to a minimum.
- 4. You must encrypt transmission of cardholder data and sensitive information across public networks.
- 5. Every machine that attach's to your network must have Anti Virus software and updates need to be current.
- 6. Develop and maintain secure systems and applications.
- 7. Restrict access to data and limit access on a need to know basis.
- 8. Assign a unique ID to each person with computer access.
- 9. Restrict physical access to cardholder data and destroy media containing transaction information when it is no longer needed.
- 10. Track and monitor all access to network resources and cardholder data.
- 11. Regularly test security systems and processes.
- 12. Maintain an information security policy.
We can provide all of the security products and services associated with PCI DSS Compliance. When you are ready to have the last security company that you will every need, call us. 770.529.5678
With the new FTC regulations and the associated steep fines associated with Work Place Identity Theft and PCI Compliance regulations that took effect in November 2008, it becomes necessary for managers and business owners to not only understand the requirements but also put into place the necessary steps for your protection. Protecting you, your business and your home is our specialty.
DOOR ACCESS
Access to credit card data locations in a business needs to have access controlled. Access should only be granted to allow those individuals with rights to enter those areas. Unlike keys that can easily be copied during a lunch break, or codes that can be seen from other employees, HID cards can not be copied. Each card has its own encrypted key that is associated with an employee. If an employee loses their keys or they are stolen, control is easy to maintain. Other areas that need to be considered are:
Access to credit card data needs to be restricted to only those you allow. When the system is properly maintained and installed it meets one area of PCI Compliance standards.
- Even single door access to restricted areas is very economical
- Access should be granted to only certain individuals
- An Audit trail of access should be maintained for card data access
- Never loan out access cards to other employees
TERMINAL MONITORING
Placing CCTV cameras over areas that monitor card usage allows for viewing of individuals that might tamper with a terminal. All wiring associated with a terminal needs to be protected to prohibit someone from placing a phishing device behind the terminal on the network.
Keep all terminals from full view of a window and never write down a credit card number unless you shred the documents.
- Monitor each are that card data is received and transmitted.
- Check for unusual activity around a terminal or unusual device.
- Look for and identify any area that might compromise data or data information.
Using CCTV cameras in a work environment also tracks employee activities and it is always a good idea to have a CCTV installed to deter crimes of opportunity. It can also deter against Work Place Identity Theft, another area that you must manage and we can help with setting up restrictions for guarding that information on as well.
FIREWALL PROTECTION
In today's network architecture, it is necessary to block unwanted emails, solicitation of information and phishing messages that are after your employees and card holder information. We install firewall's made by Barracuda Networks that meet PCI Compliance Standards.
A commercial grade Firewall protects your network from unknown applications, probing software that detects pinholes and blocks threats from Internet users. A great rule of thumb is to ask the question, if unsolicited messages can get into your network, then you need a better firewall than you are currently using.
Some software applications that advertise built in firewall's and are bundled with Anti Virus software are usually not PCI Compliant and they also have to be managed with updates. So if the update does not take place, the computer is exposed to a virus attack as well as phishing software. You must also have Anti Virus, which we provide include with our other services.