Help From Your Friends

Many small businesses desperate for PCI compliance assistance

Identity theft and credit card fraud are the fastest growing crimes in the United States. The Federal Trade Commission reports that one in six Americans will be a victim of identity theft this year and that identity theft has been the No. 1 consumer complaint for the last four years.

Banks and credit card companies are responding quickly and aggressively to the challenge. In 2004, many companies banded together to form the Payment Card Industry Security Standards Council, aligned policies and released the Payment Card Industry Data Security Standard. This document set out a list of requirements that must be met by all vendors who accept credit card transactions. PCI DSS also included various deadlines for compliance based on transaction levels.

All merchants must eventually adopt these standards if they want to continue accepting credit card payments. To date, most of the industry’s efforts have focused on larger merchants. In fact, in October 2007, Visa reported that 65 percent of the nation’s largest retailers are now compliant with the industry standards.

However, any good security expert will tell you that you’re only as strong as your weakest link. PCI SSC knows this and is beginning to turn its attention to smaller retailers. Since 2005, more than 80 percent of the instances of unauthorized access to card data have involved small merchants. Visa also reports that these small businesses account for 85 percent of the 7 million locations nationwide that accept credit cards.

The Root of the Problem
Small merchants do not have the technical resources of larger retailers. While most large retailers regularly upgrade their computer systems, small merchants typically stick with one type of software and are reluctant to change or update.

The complex process of PCI compliance can be quite daunting to small and mediumsized merchants. When Tim Haight, owner of Merrill Ace Hardware of Merrill, Wis., first received notice of the PCI deadlines in a cooperative newsletter, he panicked.

“I realize the importance of this issue, and our company has already taken many steps to protect our customer data,” Haight said. “But I found the new requirements and standards to be overwhelming and confusing. I don’t have an IT staff to help me with our computer network and systems. Like most small business owners, I am the marketing department, IT department, sales department and customer service ... all rolled into one.”

Achieving Compliance
At that point, Haight enlisted the services of Activant Solutions. Merrill Ace Hardware has been using Activant Eagle® software to manage customer orders, handle point-ofsale operations and control inventory levels for four years. Haight asked Activant to help him address the technical portion of Ace’s PCI compliance survey. Technicians advised Haight regarding the Ace survey and conducted their own PCI compliance survey.

The PCI compliance security standards are technical and operational requirements that were created to help organizations that process credit card payments prevent credit card fraud, hacking and various other security vulnerabilities and threats. Merrill Ace Hardware uses Watchdog ISS services to protect its network from outside attacks, which provides a business-class level of security and protection for small to mediumsized merchants. Most of these businesses do not have a dedicated IT person or the expertise to protect the business from all the new threats that exist today.

Watchdog is a managed security solution designed for the small business owner. Each installation begins with a thorough analysis of a merchant’s network operations to determine the specific security measures appropriate for that business.

Watchdog deploys the latest technologies available to provide anti-intrusion services, virus and spyware protection, Web content filtering and a continuously monitored and updated firewall. Requirement No. 1 of the PCI DSS is install and maintain a firewall configuration to protect cardholder data.

Watchdog comes equipped with an antivirus suite that updates its definitions automatically. Requirement No. 5 of the PCI DSS mandates the use and regular updating of antivirus software. Because of the enforced antivirus protection, all networked computers share the same protection—eliminating concerns about which computers are protected with the latest virus updates.

Installers activated an antivirus and spyware client on each PC and laptop, which is different from consumer versions of this software. This is enforced protection—even if an end user figures out how to uninstall it, it will not let him access the Internet until it automatically reinstalls the antivirus and spyware protection. If a Watchdog-protected laptop is used for business travel, the system will automatically update its protection upon reconnection.

“As a small business owner, it’s a relief to have a technology partner who can come in and use their knowledge and experience to help me solve complex issues such as this one,” Haight said. “PCI compliance is a long and complicated process, but it is encouraging to know that my technology is sound and that my technology partner is helping me meet PCI DSS requirements.”

This article originally appeared in the issue of .


  • Maximizing Your Security Budget This Year

    7 Ways You Can Secure a High-Traffic Commercial Security Gate  

    Your commercial security gate is one of your most powerful tools to keep thieves off your property. Without a security gate, your commercial perimeter security plan is all for nothing. Read Now

  • Making Safety and Security Intrinsic to School Design

    Public anxieties about school safety are escalating across the country. According to a 2023 Gallup report, 44% of parents fear for their child’s physical safety at school, a 10 percentage-point increase since 2019. Unfortunately, these fears are likely to increase if the incidence of school tragedies continues to mount. As a result, school leaders are now charged with two non-negotiable responsibilities. The first, as always, is to ensure kids have what they need to learn, grow, and thrive. Sadly, their second responsibility is to keep the children in their care safe from threats and physical danger. Read Now

  • The Power of a Layered Approach to Safety

    In a perfect world, every school would have an unlimited budget to help secure their schools. In reality, schools must prioritize what budget they have while navigating the complexities surrounding school security and lockdown. Read Now

  • How a Security System Can Enhance Arena Safety and the Fan Experience

    Ensuring guests have both a memorable experience and a safe one is no small feat for your physical security team. Stadiums, ballparks, arenas, and other large event venues are increasingly leveraging new technologies to transform the fan experience and maintain a high level of security. The goal is to preserve the integrity and excitement of the event while enhancing security and remaining “behind the scenes.” Read Now

Featured Cybersecurity


New Products

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening. 3

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions. 3