PCI Compliance Assistance Every Merchant Needs
Your software allows for online payment processing, but you need a solution that provides the maximum PCI scope reduction while maintaining your proprietary site or web application look and feel. Our online payment gateway has you covered.
“One of the nice things that we found from using Global Payment Integrated's security bundle is that it is a one stop shop, we know that we can keep transactions secure using just this one product and I really love that.”
Business Systems Analyst, City of Pueblo Colorado
What You Need to Know About PCI Compliance and Data Security
Although simply paying non-compliance fees is a strategy, it does nothing to protect your processing environment – and your business – from a catastrophic data breach. Understanding how to become, and remain, PCI compliant as well as the potential risk of non-compliance, is critical in today’s payment processing landscape.
The Cost of a Breach
The costs of a breach to a business of any size can be devastating. According to a 2018 Cost of a Data Breach Study sponsored by IBM Security, the potential risks of a data breach can be staggering.
Average cost of data breach in US in 2018
Average cost of lost or stolen record
Average one-year breach cost increase
Average number of records compromised during a breach
What You Can Do to Prevent a Breach
Preventing a breach consists of two important factors: understanding the causes of breaches and being aware of your responsibilities as a business accepting credit cards.
Common Causes of Data Breaches
In the United States, virtually half of all data breaches are the result of a malicious attack. Another quarter are due to human error and the remaining quarter attributed to glitches within the processing system.
Your Responsibility as a Merchant Accepting Credit Cards
There are a number of best practices you can follow to reduce the chances you’ll experience a breach:
Understand the Requirements of PCI compliance.
A good place to start is by visiting the Payment Card Industry Security Standards Council website by clicking here.
Develop Security Policies for Your Business.
Create a written policy document that details your business’ use of digital and printed data, password management, acceptable use of resources, etc.
Educate and Train Your Employees.
Provide your staff with the knowledge and processes they need to follow to protect sensitive data. Monitor exactly who has access to what information and review usage regularly.
Utilize Security Technology Available to You.
Security enhancements such as data encryption and tokenization have had significant impact in reducing breaches. Ensure your local processing environment is not storing sensitive data. Take advantage of any PCI compliance assistance programs your processor may offer.
Keep Your Software Up to Date.
Many data breaches were implemented through vulnerabilities that resulted in software patches. Keeping your operating system and business management system software current is important to protect your environment.
If You Experience a Breach
Should a data breach occur in your business, there are some things you should know.
Work Fast to Contain the Damage.
Time is critical if you discover a data breach has impacted your business. If you have a security policy, now is the time to reference it. Depending on the suspected source of the breach, methods to close the vulnerabilities differ. But one thing is constant – work QUICKLY to understand the source of the breach and do all you can to close it.
Assess the Damage to Your Organization.
Once the source of the breach is eliminated, it is important to investigate exactly what happened, to what extent was the organization damaged, and what system(s) were impacted. You’ll need to understand whether the attack was malicious, the result of user account abuse, or systems based.
Communicate to Those Impacted.
There are several entities and individuals you need to notify in the event of a breach including local authorities and any customers who may have had their sensitive data compromised.
Audit Your Environment and Make Necessary Adjustments.
After a breach it is important to assess your processing systems to uncover any vulnerabilities that may prevent future similar breaches. Adjust your security policies and staff training based on what you discover from the audit.
PCI Terms You Need to Know
The payments industry is robust with acronyms and terms – some more important than others. Here are a few you should understand if you value data security.
The PCI Security Standards Council – A global forum for ongoing development and implementation of security standards.
Payment Card Industry Data Security Standard – An information security standard for businesses that handle major branded credit cards. The PCI Standard is mandated by the card brands and administered by the PCI-SSC.
Payment Card Industry Self-Assessment Questionnaire – A document businesses accepting credit cards are required to complete annually to determine their PCI compliance.
Network Vulnerability Scan
A vulnerability scan is a digital inspection of a processing network to detect any potential weaknesses that could lead to potential intrusion.
How Global Payments Integrated Assists Our Merchants with PCI Compliance
Global Payments Integrated provides our clients a PCI compliance solution that won’t leave you with more questions than answers. We don’t take PCI compliance lightly - dedicating people, resources and client assistance programs to making sure PCI compliance doesn’t keep you up at night.
The Global Payments Integrated Compliance Services Team
Our dedicated client assistance team that focuses specifically on PCI issues and providing you the right assistance exactly when you need it. This team makes PCI compliance their business all day every day – chances are they can answer any PCI-related question you may have.
Dedicated PCI Compliance Resources
Tools to help clients better understand their PCI compliance environment, their risks and priorities to address them
Data Security Essentials Tool
An online tool developed by the PCI Security Standards council that provides a guide for small to mid-size clients to identify how they accept payments without highly technical language. This allows them to match up with the proper evaluation form to evaluate their specific security risk.
Prioritized Approach Tool
Provides a roadmap for clients based on risk, that allows merchants to tackle the most important requirements first. Breaking down the PCI-DSS requirements into six milestones, clients begin with milestone one - that of highest importance - and progressively complete the additional milestones.
Available exclusively to Global Payments Integrated clients, PCI ASSURE offers all the PCI compliance assistance you’ll need to secure your processing environment. Components of this comprehensive support program include:
Dedicated 24/7 Client Portal
Merchants have 24/7 access to our web-based portal that steps you through the requirements and the necessary Self-Assessment Questionnaire (SAQ).
All the help you’ll need completing your SAQ. PCI ASSURE clients also benefit from a much shorter SAQ, greatly simplifying its completion.
Network Vulnerability Scans from ControlScan
These comprehensive system scans are designed to find problems in your environment before a compromise occurs. Easy-to-understand reports detail the results and instructions are provided to fix any identified issues.
Policy Builder – Custom Security Profiles
This online tool creates a set of custom security policies that are automatically generated based on the way you process payment cards, making it easy to comply with the PCI DSS requirement associated with security policies.
Security Awareness Training
Regardless of your PCI compliance status or processing environment, Global Payments Integrated’s dedicated PCI security team is ready and trained to provide the security assistance you need on an individual client basis.
$100,000 in Breach Protection
Included in the PCI ASSURE Program is a breach protection program that covers a client for up to $100,000 ($0 deductible) to pay for audits, fines or other expenses associated with a processing breach, should one occur.
Dedicated Toll-Free Support
Global Payments Integrated’s PCI Service Team is available to you, offering live assistance every step of the way. You’re always just a phone call away from help.
We’d love to tell you more
Join the industry’s most secure and full-featured payment processing platform