
Retail Security ...CISP, PCI-DSS, PABP...What does this all mean?
       — Bill Deery, Vice President of Operations
            J.D. Associates

By now, you’ve heard some horror stories about hackers exploiting major retail chains. Some of the largest retailers in the world have been compromised, and their loyal customers have had to scramble to shut off their debit and credit cards and have their banking institutions issue new ones.

CISP (Cardholder Information Security Program), PCI-DSS (Payment Card Industry Data Security Standards), and PABP (Payment Application Best Practices) are acronyms that mean you, as a retailer, can be audited by the payment card industry to prove that you can protect your customers' data on your retail systems. You need to take the steps defined by these agencies to protect cardholder information and make sure the software and networks you use conform to the industry security standards defined by the regulating agencies involved.

The PCI Data Security Standard consists of different requirements. Each of the major payment card types, AMEX, Visa, MC, and Discover, has its own PCI data security compliance program based on protecting cardholder data and building and maintaining secure applications and networks.

So what does this mean for you, the small or medium-sized retailer? You may ask how you can protect your customers' data if the big guys with fully staffed IT departments can’t. What makes it even worse is that one of the “big guys” recently breached was certified PCI compliant.

Here's what you need to do:

  • Make sure the POS application you are using does not store unencrypted credit card information captured at the point of sale.
  • Make sure your system passwords and your POS application passwords are strong. (Note: the current releases of 8 and 9 series Retail Pro and Microsoft RMS 2.0 meet those requirements.)
  • Make sure your network, or the PC processing credit card data, is secured. I recommend a robust hardware appliance that uses "deep packet" inspection, along with desktop protection, for a multi-tiered security solution. Keep in mind that the larger your network, the bigger the appliance and the cost. For a small LAN (local area network), these appliances are available, installed and configured, for around $1000.00.

I know that as a small-to-medium sized business owner, you need to run lean and mean. But please don’t elect to disregard your security solutions in order to cut costs. In the Internet age you need to pay attention to your IT security solution. Your software and your networks are your responsibility to secure. And don’t think attackers go after only the big guys; those are just the ones that make the evening news.

In closing, there’s a lot more to it, but you have to start somewhere. Doing nothing in this day and age could put your entire business at risk. Feel free to call J.D. Associates to discuss how we can help you secure your systems, or e-mail me at bill.deery@jdapos.com.

ABOUT THE AUTHOR
Bill Deery is VP of Operations at J.D. Associates. He can be reached at bill.deery@jdapos.com

 

   
 
 

Published by J.D. Associates,
a division of Mander, Inc.
80 Erdman Way, Suite 300
Leominster, MA 01453

Phone: (978) 840-2096
Fax: (978) 840-2098
www.jdassociates.com

 

President: don capman
don.capman@jdapos.com

Editor: debra neville
debra.neville@jdapos.com

Design: susan orareo
susan.orareo@jdapos.com