Five Steps to Card Compliance

Data protection laws in 46 states are changing the way business owners process, store and transmit customer data.

In addition, pending legislation, part of the Personal Data Privacy and Security Act of 2009, seeks to give teeth to the Payment Card Industry Data Security Standard, a set of evolving security requirements first established in 2004 by a consortium of credit card companies. The rules require businesses to use antivirus software and firewalls, encrypt data and control access to information. PCI DSS isn’t a law, but lawmakers have looked to it to shape state legislation.

Merchants who don’t change could face thousands of dollars in fines if they suffer data breaches, said Brian Bickel, who oversees Nashville, Tenn.-based Solveras Payment Solutions’ compliance program.

Visa Inc., which operates the world’s largest retail electronic payments network, set a July 1 deadline for certain merchants to comply with the 2004 regulations. If federal legislation is passed, processors and merchants may have to shift gears sooner than expected.

That’s why it’s important to become compliant now. Start by following Solveras’ five steps:

1. Watch the webinar at solveras.com/NFIB to determine your merchant level, which is based on the number of annual transactions your business makes.

2. Use your merchant level to identify which self-assessment questionnaire you need to complete. Questionnaires are available at pcisecuritystandards.org.

3. Complete the questionnaire. Any “no” answer means you’re not compliant.

4. If you accept online payments or store cardholder information on a computer, you’ll need to provide evidence of a monthly computer scan by an outside vendor approved by the Payment Card Industry Security Standards Council.

5. Complete what’s called an “attestation of compliance,” a document that verifies your compliance. Submit it to your credit card processor.

Source: My Business