PCI DSS
EVERY merchant that processes credit cards, regardless of company size or method of processing, is required to comply with the Payment Card Industry Data Security Standard (PCI DSS), and failure to comply fully can result in significant financial costs and catastrophic business consequences.
Setting up and maintaining a secure environment is not an easy task, and as technology expands, doing so has become imperative. PCI DSS has mandated that this call to action is a necessary and important obligation for anyone practicing business. The majority of the economy in the United States is comprised of Level 4 Merchants; this group accounts for 85% of credit card industry compromises, and in fact 55% of those are from the Hospitality Industry. Many merchants operate under the premise that the software vendor for the POS or PMS has taken care of the vulnerabilities and that they have nothing to worry about. This kind of thinking is naive at best and out of step with the increase in successful breaches of customer personal information by hackers. The Hospitality Industry is a repository of sensitive information that the customer has entrusted to the merchant.
For a while now the United States has been under attack from the Russian Mafia with regard to identity theft. In fact, as posted on August 18th, 2009 on the Federal Criminal Defense Blog (http://www.federalcriminaldefenseblog.com), Albert "Segvec" Gonzalez and two unnamed Russian co-conspirators were indicted for the largest identity theft in US history; however, those are just headlines.
The truth of the matter is that most identity theft happens by unsophisticated hackers penetrating soft targets, like hotels and restaurants. The reason for this all-you-can-steal buffet is mainly that the Hospitality Industry's mission has been to serve the customer as quickly and pleasantly as possible. Whether a business or leisure traveler, the customer is looking for a relaxing atmosphere. Some of the best rated hotels are rated on how well they perfect the mission of getting the guest out of the car and into the bed. In doing so, the staff environment is geared toward ease of access. Yes, for the most part the PMS and POS require a unique login, but the users are logging in with a default account that has full administrative rights to the network, like FD1 or Administrator, or with a generic position account, like GM, AGM, and so on. The systems are not being patched on a regular basis, there is no standardization in security software, definitions are outdated, and the list goes on. These simple things open the network up to any computer-savvy high school child.
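The two weaknesses just described, shared or generic logins that carry administrative rights and systems that go unpatched, are both easy to check for. The following audit script is an added example written for this page; it is not code from TTI or from any PMS/POS vendor. The host names, account names and patch dates it works on are constructed sample data, and the one-month patch window is taken from the PCI DSS requirement to install critical security patches within a month of release.

```python
"""Account-hygiene and patch-age audit for a small hotel or restaurant back office.

Added example, not part of the original page. It checks a constructed export of
local accounts and patch state for two of the weaknesses described above:
shared or generic logins (front desk, GM, AGM, the built-in Administrator) that
carry administrator rights, and hosts that have not been patched recently.
"""
from datetime import date
import re

# Constructed sample data: hypothetical hosts and accounts, not real systems.
# "owner" is the named person responsible for the account, or None if nobody is.
ACCOUNTS = [
    {"host": "PMS-SRV", "user": "Administrator", "groups": ["Administrators"], "owner": None},
    {"host": "PMS-SRV", "user": "FD1",           "groups": ["Administrators"], "owner": None},
    {"host": "POS-01",  "user": "GM",            "groups": ["Administrators"], "owner": None},
    {"host": "POS-01",  "user": "jsmith",        "groups": ["Users"],          "owner": "J. Smith"},
    {"host": "POS-02",  "user": "AGM",           "groups": ["Users"],          "owner": None},
]
# Constructed: date each host last received security patches.
LAST_PATCHED = {
    "PMS-SRV": date(2009, 3, 1),
    "POS-01": date(2009, 8, 10),
    "POS-02": date(2009, 7, 30),
}

# Login names that identify a position or a workstation rather than a person.
GENERIC_NAME = re.compile(r"^(administrator|admin|guest|fd\d*|gm|agm|manager|server\d*)$", re.I)
# PCI DSS asks for critical security patches within one month of release.
MAX_PATCH_AGE_DAYS = 30


def is_generic(account):
    """True if the account is not tied to a named person or has a generic name."""
    return account["owner"] is None or GENERIC_NAME.match(account["user"]) is not None


def is_admin(account):
    """True if the account is a member of the local Administrators group."""
    return any(g.lower() == "administrators" for g in account["groups"])


def audit_accounts(accounts):
    """Return (finding, host, user) tuples for shared logins; admin ones are flagged separately."""
    findings = []
    for a in accounts:
        if is_generic(a) and is_admin(a):
            findings.append(("shared-admin", a["host"], a["user"]))
        elif is_generic(a):
            findings.append(("shared-login", a["host"], a["user"]))
    return findings


def audit_patching(last_patched, today, max_age_days=MAX_PATCH_AGE_DAYS):
    """Return the hosts whose last patch date is older than the allowed window."""
    return sorted(host for host, d in last_patched.items() if (today - d).days > max_age_days)


if __name__ == "__main__":
    for finding, host, user in audit_accounts(ACCOUNTS):
        print(f"{finding:13} {host:8} {user}")
    for host in audit_patching(LAST_PATCHED, date(2009, 8, 18)):
        print(f"stale-patches {host}")
```

On a real property the account list would come from the PMS/POS servers themselves (for example a dump of local group membership) rather than a hard-coded table; the "shared-admin" findings are the ones to fix first, since a position-named account with administrator rights gives every shift the same keys to the network and leaves no record of who actually used them.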
The first thing you need to know about PCI DSS compliance is that, regardless of your size, you need to complete a document called the Self-Assessment Questionnaire (SAQ) and submit it to your acquiring bank (sometimes called a "payment card processor" or "acquirer"). You must also submit a report from a certified vendor stating that it has scanned all of your property's connections to the public Internet and found no vulnerabilities to intrusion. SAQs must be submitted annually. Network scans must be conducted quarterly and submitted annually. After interviewing many Approved Scanning Vendors (ASVs), TTI formed a partnership with Qualys; we chose Qualys because they had the highest overall rating on price, product offering and support.
The second item to deal with is what policies, processes and maintenance programs have been put in place to maintain compliance. TTI offers a solution to assist in auditing and maintaining all the requirements mandated by the PCI Security Standards Council for ongoing maintenance. The bottom line is being able to prove through documentation what you did to become compliant and what you are doing to maintain compliance. We have a total solution package to assist the merchant in putting the package together and making sure that all the t's are crossed and i's dotted. For more information about what we offer, please refer to the page TTI Approach.
PCI DSS requirements are a fundamental good business practice that every merchant should accept as common sense. Aside from the fines levied by the acquirer for non-compliance, and the fact that those fines will continue to increase in size, your REPUTATION is on the line. Becoming compliant can be a difficult and costly exercise for any merchant, but it simply cannot be avoided. It is better and less costly to be proactive rather than reactive. Merchants need to take the bull by the horns or hire someone to do it for them. The risks are too great not to, and the benefits are substantial as well. Maintaining compliance is another obstacle altogether. What we help you establish is a philosophy: PCI DSS is a new way of doing business, not a project, although project work is obviously involved. We at TTI understand this, and we also understand that the average merchant is project oriented. Merchants are accustomed to having to make changes to hardware and the IT environment, either because of a software upgrade or because of the introduction of a new system or interface. You know that there will be a learning curve, glitches and time to work out the kinks (PAIN), but eventually you will walk out of the swamp and be back to business as usual. Please don't think of PCI DSS in this light; if you do, becoming compliant was a waste of time and money $$! Look at PCI DSS as a new way of doing business.
