Help From Your Friends

Many small businesses desperate for PCI compliance assistance

Identity theft and credit card fraud are the fastest growing crimes in the United States. The Federal Trade Commission reports that one in six Americans will be a victim of identity theft this year and that identity theft has been the No. 1 consumer complaint for the last four years.

Banks and credit card companies are responding quickly and aggressively to the challenge. In 2004, many companies banded together to form the Payment Card Industry Security Standards Council, aligned policies and released the Payment Card Industry Data Security Standard. This document set out a list of requirements that must be met by all vendors who accept credit card transactions. PCI DSS also included various deadlines for compliance based on transaction levels.

All merchants must eventually adopt these standards if they want to continue accepting credit card payments. To date, most of the industry’s efforts have focused on larger merchants. In fact, in October 2007, Visa reported that 65 percent of the nation’s largest retailers are now compliant with the industry standards.

However, any good security expert will tell you that you’re only as strong as your weakest link. PCI SSC knows this and is beginning to turn its attention to smaller retailers. Since 2005, more than 80 percent of the instances of unauthorized access to card data have involved small merchants. Visa also reports that these small businesses account for 85 percent of the 7 million locations nationwide that accept credit cards.

The Root of the Problem
Small merchants do not have the technical resources of larger retailers. While most large retailers regularly upgrade their computer systems, small merchants typically stick with one type of software and are reluctant to change or update.

The complex process of PCI compliance can be quite daunting to small and mediumsized merchants. When Tim Haight, owner of Merrill Ace Hardware of Merrill, Wis., first received notice of the PCI deadlines in a cooperative newsletter, he panicked.

“I realize the importance of this issue, and our company has already taken many steps to protect our customer data,” Haight said. “But I found the new requirements and standards to be overwhelming and confusing. I don’t have an IT staff to help me with our computer network and systems. Like most small business owners, I am the marketing department, IT department, sales department and customer service ... all rolled into one.”

Achieving Compliance
At that point, Haight enlisted the services of Activant Solutions. Merrill Ace Hardware has been using Activant Eagle® software to manage customer orders, handle point-ofsale operations and control inventory levels for four years. Haight asked Activant to help him address the technical portion of Ace’s PCI compliance survey. Technicians advised Haight regarding the Ace survey and conducted their own PCI compliance survey.

The PCI compliance security standards are technical and operational requirements that were created to help organizations that process credit card payments prevent credit card fraud, hacking and various other security vulnerabilities and threats. Merrill Ace Hardware uses Watchdog ISS services to protect its network from outside attacks, which provides a business-class level of security and protection for small to mediumsized merchants. Most of these businesses do not have a dedicated IT person or the expertise to protect the business from all the new threats that exist today.

Watchdog is a managed security solution designed for the small business owner. Each installation begins with a thorough analysis of a merchant’s network operations to determine the specific security measures appropriate for that business.

Watchdog deploys the latest technologies available to provide anti-intrusion services, virus and spyware protection, Web content filtering and a continuously monitored and updated firewall. Requirement No. 1 of the PCI DSS is install and maintain a firewall configuration to protect cardholder data.

Watchdog comes equipped with an antivirus suite that updates its definitions automatically. Requirement No. 5 of the PCI DSS mandates the use and regular updating of antivirus software. Because of the enforced antivirus protection, all networked computers share the same protection—eliminating concerns about which computers are protected with the latest virus updates.

Installers activated an antivirus and spyware client on each PC and laptop, which is different from consumer versions of this software. This is enforced protection—even if an end user figures out how to uninstall it, it will not let him access the Internet until it automatically reinstalls the antivirus and spyware protection. If a Watchdog-protected laptop is used for business travel, the system will automatically update its protection upon reconnection.

“As a small business owner, it’s a relief to have a technology partner who can come in and use their knowledge and experience to help me solve complex issues such as this one,” Haight said. “PCI compliance is a long and complicated process, but it is encouraging to know that my technology is sound and that my technology partner is helping me meet PCI DSS requirements.”

This article originally appeared in the issue of .

Featured

  • Maximizing Your Security Budget This Year

    Perimeter Security Standards for Multi-Site Businesses

    When you run or own a business that has multiple locations, it is important to set clear perimeter security standards. By doing this, it allows you to assess and mitigate any potential threats or risks at each site or location efficiently and effectively. Read Now

  • Getting in Someone’s Face

    There was a time, not so long ago, when the tradeshow industry must have thought COVID-19 might wipe out face-to-face meetings. It sure seemed that way about three years ago. Read Now

    • Industry Events
    • ISC West
  • Live From ISC West 2024: Post-Show Recap

    ISC West 2024 is complete. And from start to finish, the entire conference was a huge success with almost 30,000 people in attendance. Read Now

    • Industry Events
    • ISC West
  • ISC West 2024 is a Rousing Success

    The 2024 ISC West security tradeshow marked a pivotal moment in the industry, showcasing cutting-edge technology and innovative solutions to address evolving security challenges. Exhibitors left the event with a profound sense of satisfaction, as they witnessed a high level of engagement from attendees and forged valuable connections with potential clients and partners. Read Now

    • Industry Events
    • ISC West

Featured Cybersecurity

Webinars

New Products

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction. 3

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file. 3

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening. 3