
Is Your Retail Software Compliant with PCI DSS?

Protect Your Business with PCI DSS Compliant Retail Software
Retailers processing, storing, or transmitting credit card numbers must be PCI DSS compliant, or risk losing their ability to process credit cards.

Another hot-button topic for retailers searching for new retail software is the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS is a program created by the five major credit card companies: Visa, MasterCard, American Express, Discover, and JCB. The program serves as a guideline for retailers processing credit card payments and works to prevent security issues, such as hacking and credit card fraud.

Retailers that process, store, or transmit credit card numbers must be PCI DSS compliant, or they risk losing the ability to process credit card payments.

What Is PCI DSS?

PCI DSS is a combination of five previously separate programs:

  • VISA Cardholder Information Security Program (CISP)
  • MasterCard Site Data Protection
  • American Express Data Security Operating Policy
  • Discover Information and Compliance
  • JCB Data Security Program

In December 2004, the five major credit card companies aligned and created PCI DSS version 1.0. In September 2006, the PCI DSS program was updated to version 1.1.

PCI DSS Requirements

Currently, PCI DSS specifies 12 requirements, which are organized into six basic objectives:

Objectives and Requirements
Build and Maintain a Secure Retail Point of Sale System
  1. Install and maintain a firewall configuration to protect credit card information
  2. Do not use vendor-supplied defaults for retail point of sale system passwords
Protect Cardholder Data
  1. Protect cardholder data stored in your retail point of sale system
  2. Encrypt transmission of cardholder data across open, public networks and the Internet
Maintain a Vulnerability Management Program
  1. Use and regularly update anti-virus software on your retail point of sale system
  2. Develop and maintain secure point of sale systems and applications
Implement Strong Access Control Measures
  1. Restrict access to cardholder data in your point of sale system
  2. Assign a unique ID to each employee with access to the retail software
  3. Restrict physical access to cardholder data
Regularly Monitor and Test Networks
  1. Track and monitor all access to the retail point of sale system as well as the cardholder data
  2. Regularly test security of your retail software
Maintain an Information Security Policy
  1. Maintain a policy that addresses the security of your retail point of sale system

Want more information? Download the complete PCI DSS requirements to ensure that your retail point of sale system is fully compliant with PCI DSS.

When talking with different technology vendors about retail software and point of sale systems, be sure to ask about PCI DSS compliance. Not only will staying compliant potentially save you thousands of dollars in fines if your data is compromised, but the PCI DSS requirements are also all best practices for smart retailers.