The Chip Merchant

Is Your Business PCI Compliant?

What is PCI Compliance? In 2006, the PCI Standards Security Council, formed by the five major credit card companies, created the Payment Card Industry Data Security Standard (PCI DSS) in order to secure credit card data in a globally consistent manner.

As a result, merchants, processors, point-of-sale vendors and financial institutions must now meet rigid PCI standards when accepting credit card payments. These standards include requirements for security management, policies, procedures, network architecture, software design and other critical protective measures to help ensure the safe handling of sensitive credit card information.

How does it affect your business? Compliance with data security standards can bring major benefits to businesses of all sizes, while failure to comply can have serious and long-term negative consequences.

Compliance with the PCI DSS means that your systems are secure, and customers can trust you with their sensitive payment card information.

What if I am not compliant? Non-compliance could result in harsh consequences. Compromised data negatively affects consumers, merchants, and financial institutions. Just one incident can severely damage your reputation and your ability to conduct business effectively, far into the future. Account data breaches can lead to catastrophic loss of sales, relationships and standing in your community.

Finally, the 5 major credit card companies, at their discretion, can fine an acquiring bank $5,000 to $100,000 per month for PCI compliance violations. The banks will most likely pass this fine on downstream until it eventually hits the merchant. Furthermore, the bank will also most likely either terminate your relationship or increase transaction fees.

For more information on how The Chip Merchant can assist you with PCI Compliance or to schedule a consultation, use our contact us form or call us at (858) 268-4774.

Tech Industry News

Firewalls: Why You Need It

“Firewall” is a term you may have heard computer people use, and much like many terms computer people use you may have no idea what it means. Well, we’re going to take some time to explain exactly what a firewall IS, what it DOES, and why you NEED one.

Let’s start with what a firewall IS. At its most basic, a firewall is a device between your computer and the “rest of the world” that’s designed to monitor network traffic in and (sometimes) out. Primarily we’ll be talking about hardware firewalls in this article (though software firewalls do exist) as that’s the more important device in our estimation. A hardware firewall is a device that gets installed between your internet provider (Time Warner, Cox, AT&T, etc…) and your computer. Most home users are familiar with Linksys, Netgear, Cisco, or D-Link (there are many others) as providers of firewall/router devices. The important part that these devices play in your network is to look at inbound traffic and determine what traffic is allowed in and has access to your computer.

It’s the first critical step towards safe computing as without a firewall, your computer is potentially visible to anyone on the internet.

Learn more »

Tech Tips

Avoiding Social Network Disasters

Social networks, everybody’s doing it. Unfortunately, that also means there are those who want to capitalize on social networking popularity with malicious intents.

You’ve probably seen it yourself: Facebook wall posts that sound a little funny attempting to get a click or maybe weird messages from your friends with links that may be enough to pique your curiosity.

There are a lot of ways these things can happen, but here’s a list of some of the most common ways these things happen and how to avoid them yourself.

Phishing – Google search results, links that appear to be posted by friends, messages wanting you to click somewhere, etc. are all common avenues of Phishing schemes. Essentially this works by creating a fake page that may look like a real site but with the express intent of harvesting your logon information or a fake message pretending to be from a site’s administration asking for compromising information. In either case, divulging your information sets your account up to be logged into from a different computer and used to potentially send viruses/spam/etc. to your friends.

Websites have a hard time detecting exploited information used on botnets which is typically where stolen information is used; there’s not an obvious source for malicious activity since botnets appear like normal computers/users to websites.

Prevention mostly involves exercising discretion on how you give information; refusing to give login information to sites that ask for it that were included in message links, making sure that the address in the URL bar is exactly the website you want, with no funny looking characters/strings attached and not responding to requests for account compromising information such as answers to security questions.

Learn more »