In today's modern computing era, security has become more and more important. New technologies like WiFi have made our lives easier, while adding even more new security concerns. When handling credit card information, the status of your security becomes even more important. To our knowledge, none of our customers have ever suffered a security breach, but we have heard about businesses being fined in excess of $80,000 for stolen card numbers when they weren't properly compliant with modern security requirements.
In order to address credit card security concerns, all of the major credit card companies came together in 2006 and founded the PCI Security Standards Council. This council, among other things, is responsible for creating the PCI Data Security Standard (PCI DSS), which is the set of security rules which all merchants are required to follow. The current version of this standard is 2.0, and all of our customers who accept credit cards should review this standard and ensure that they are in compliance to avoid fines.
One subset of the PCI DSS is PCI PA-DSS, or Payment Application Data Security Standard. This is a set of rules which affect the point of sale software you use to process your credit cards, namely CenterEdge Software. Our latest release, CenterEdge Advantage 11.2, brings our application into compliance with the latest 2.0 version of the PA-DSS requirements.
First and foremost, all of our customers who accept credit cards via our point of sale should upgrade to CenterEdge Advantage 11.2 as soon as possible. If you are not using this release, then you are not compliant with PCI DSS 2.0. While earlier versions of our software do have good credit card security, they are not fully compliant with the latest security standards.
However, it is also important to note that the PCI DSS standards go far above and beyond just your point of sale software. There are many requirements that must be addressed, including physical security, and we strongly recommend that everyone do a detailed review of the standards in order to ensure their compliance. There are also many third-party consultants who can perform a more detailed analysis of your facility and computer systems, and this is a great route to follow.
Additionally, I would like to point out the single biggest, gaping security hole that our customers are likely to miss: public WiFi hotspots. It is absolutely imperative that your public WiFi hotspot be completely isolated from your private network. In fact, I really recommend getting a completely independent internet connection from your ISP just for your public WiFi. If you need a wireless network for your point of sale computers, it must be a separate network secured with WPA2 encryption. If you are unsure about this, please call a local networking firm and have them check your network to be certain.
If you have any questions, as always please feel free to email us at firstname.lastname@example.org. We know that PCI DSS is a daunting prospect for many people. While we're certainly not experts on all aspects of the standard, we'll be glad to at least point you in the right direction.