Secure Data, Secure Connectivity, Secure Business
Most business owners have enough on their plate without having to deal with the (critical) matter of secure connectivity. Card payments and the businesses that support them have been under a great deal of pressure from authorities who wish to protect the data and security of customers, as well as the criminal element who are on a constant mission to undermine these systems.
The fact is, though, that data security is the responsibility of everyone in the chain, from cardholders who must take precautions with their physical cards and card access details to the merchants who process payments.
PCI DSS Compliance
The PCI Security Standards Council, which is responsible for the Payment Card Industry (PCI) compliance initiative, is a body founded by American Express, Discover, JCB International, MasterCard and Visa.
The Payment Card Industry Data Security Standard (PCI DSS) is the commonly accepted set of policies and procedures set out to protect cardholders’ money and information and maximise the security of card transactions.
What do these policies include?
An article on PCI compliance from Chargify sums it up this way:
PCI-DSS covers various things about your business, like:
- Handling of data by your computer systems.
- Separation of program execution and data storage.
- Guarding against employee theft of data.
- Guarding against internet-based intrusions.
- Proper disposal of hard drives.
- Tracking of human access to hardware.
- Ensuring that software developers cannot directly change production systems without management oversight.
- And much more.
The PCI Security Standards website notes, “The PCI Data Security Standard (PCI DSS) applies to all entities that store, process, and/or transmit cardholder data. It covers technical and operational practices for system components included in or connected to environments with cardholder data. If you accept or process payment cards, PCI DSS applies to you.”
The Critical Role of Secure Connectivity
While Huge Connect does not store, process and/or transmit cardholder data, we still deem data security an integral part of our value proposition, and we take our responsibility in this process seriously.
If the PCI DSS standards are not directly applicable to Huge Connect, then how and why would we attain PCI DSS certification?
Our clients span a cross-section of industries, and we provide a safe and secure online environment for everyone from a small corner shop to major financial services or insurance companies.
The simple and straightforward information is contained on our website and says, in part:
We provide GSM Data Solutions to any size business, from SMEs to large institutions. From telecommunication services for card payments to medical aid verification transactions. These GSM Data Services can be used as failover to access mediums such as xDSL, Fibre or Satellite with user-defined restrictions defining which type of data is permitted to failover (done to reduce costs). Huge Connect’s GSM Data Services offer unbeatable features, such as:
- Secure Encrypted Data Communication
- Remotely Manageable
- Data speeds up to and including LTE
- Quick deployment
Common Applications:
- ATM Connectivity
- Point of Sales (POS)
- Primary or Backup Corporate Connectivity.
And here’s the really interesting part:
Huge Connect has also taken its existing PCI certification to the next level, by developing an on-premise POS Communications Link Solution against the Payment Card Industry (PCI) Data Security Standards (DSS) V3.2.1.
The new POS Communications Link Solution being accessed allows for the transmission of encrypted cardholder data from the merchant/client across the Huge Connect network to the acquiring banks on the data-link layer.
It is important to note that Huge Connect does not play any role in the encryption/decryption key management process and can therefore at no time access cardholder data. Huge Connect also does not store or process any cardholder data.
What Can You Do To Keep Your Customers’ Data Safe?
Have you put in place the technical and practical elements which make up your responsibility towards data security?
- Whether you’re using a wired or wireless network to process payments, have you ensured that the companies and processes between your terminals and the bank are safe and compliant as far as reasonably possible?
- Have you locked down your wireless networks, and are you making use of the best security protocols available to you?
- Have you changed the default passwords on your wireless routers, and do you change them regularly?
- Have you ensured that only trusted staff members have access to the payment application environment?
- Have you limited access to the mobile payment device?
- Is the cardholder data environment safely segmented from the wireless network?
In Conclusion
As we are learning, things can change very quickly in our business environment and we all need to be on our toes to counter these variables.
We’d like to encourage you to chat with Huge Connect. Why?
Simply because we have decades of combined experience in providing a safe and stable online environment no matter the business size, type or location. We take our responsibility toward secure connectivity very seriously and work closely with our customers to maintain the security of their critical business information.
Let’s keep you safe. Let’s connect.