PCI and Secure Card Terminal Connectivity for Growing Businesses

Desperate times call for desperate measures, and few of us have seen times more desperate than those we are experiencing right now. Sadly, this means that fraud, theft and other criminal activity are spiking, and we must be increasingly vigilant.

Many businesses are taking their products online with eCommerce stores, which is enormously convenient but also comes with the added risk of online card transactions. Some criminals are using card cloning, POS devices and ATMs to skim money from unsuspecting customers, all of which adds to a growing feeling of distrust that we need to combat.

PCI to the Rescue

Thankfully, when it comes to POS card payments, we have the PCI watchdog to ensure the safety of card transactions. The matter of PCI DSS was discussed in a previous article, and can be summarised as follows:

“The Payment Card Industry Data Security Standard (PCI DSS) is an initiative developed and managed by an independent body made up of major card brands, such as Visa, MasterCard, Discover and American Express, to combat credit card fraud. All merchants internationally have to comply with PCI DSS standards, and in South Africa, it is a PASA (Payment Association of South Africa) regulation.”

PCI compliance is required of all companies that accept card payments. These companies need to follow a strict code of conduct and ensure that they adhere to the security measures set in place by PCI DSS.

Businesses do well to follow the PCI requirements as they protect both the company and the customer. If there is a data breach and it is found that your business is not compliant, you will be liable for some hefty penalties and risk losing the option to accept card payments at all. Lawsuits, compensation, and back payments will likely follow.

If that’s not enough, your reputation will be negatively impacted and there is every chance that you will lose customers who feel that their data is not safe. 

PCI and Card Terminals

PCI DSS requires that all parts of the payment system be secure. This includes:

  • Secure computer passwords and limited access to your business network
  • Restricted access to card terminals 
  • Firewalls between your system and the web
  • Secure anti-virus software on systems
  • Comprehensive monitoring and tracking of access to cardholder information
  • Regular changes of all passwords

It would make sense to keep your wireless connection secure if you are using one. Hackers can’t access what they can’t see, so the first step would be to turn off the broadcast functionality of your router so that it remains invisible. In addition, use the strongest encryption methods available to you and make sure to change the password regularly.

While these and similar measures will assist in your efforts to stay compliant and keep your customers’ data safe, you will also benefit from keeping your card terminals secure.

How can you do that?

 

The PCI Security Standards Council has some excellent, common-sense ideas for keeping your terminals secure.

 

They say, “KEEP A LIST of all payment terminals and take pictures (front, back, cords, and connections) so you know what they are supposed to look like. 

LOOK FOR OBVIOUS SIGNS of tampering, such as broken seals over access cover plates or screws, odd/different cabling, or new devices or features you don’t recognize. The Council’s guide (referenced below) can help.

PROTECT TERMINALS. Keep them out of customers’ reach when not in use and obscure their screens from public view. Make sure your payment terminals are secure before you close your shop for the day, including any devices that read your customers’ payment cards or accept their personal identification numbers (PINs). 

CONTROL REPAIRS. Only allow payment terminal repairs from authorized repair personnel, and only if you are expecting them. Tell your staff too. CALL your payment terminal vendor or merchant bank immediately if you suspect anything!”

 

It seems easy enough to maintain adequate security in your system and with your card terminals; however, there is one last space on which you need to keep a close eye.

 

Data Transfer Security

The critical link between your POS device and the banking system is something we can’t see or manage, but there are those who can. 

Our previous article on payment security for merchants will set your mind at ease.

Huge Connect’s PCI (Payment Card Industry) certification is supported by a cutting-edge on-premise POS (Point of Sale) Communications Link Solution against the PCI DSS (Data Security Standard), via the Huge Connect network to the banks on the data-link layer. This magnificent cyber schematic, in the interests of payment security, suitably scrambles criminal intentions. At the same time, Huge Connect does not play any role in the encryption/decryption key management process and can therefore at no time access cardholder data. Huge Connect also does not store or process any cardholder data.

The bottom line is that Huge Connect understands the attack vectors and, using a predictive intelligence approach, keeps ahead of the tide to research cyber adversaries. There are legitimate ways to enhance payment security, even if it means exploring the dark side where cybercrime operates. Besides ensuring that their hosting provider has state-of-the-art safeguards in place, merchants need to use a VPN (Virtual Private Network) and updated security software and browsers. With these in place, the chances are that those of ill intent will look for easier targets.

Yes, closing all the doors to cyber criminals will benefit you and your customers. 

Please feel free to contact the Huge Connect team for more information on PCI compliance and secure card terminals for your growing business.
