PCI Free Blog

Do You Know What Your Employees Are Doing?

Lately we have been talking about how hackers and cyber thieves target small businesses just as often, if not more often, than the giant corporations that process millions of dollars, and that small business owners therefore also need to take the requirements of the PCI DSS seriously and maintain PCI compliance for their business. After more research into the kinds of criminals who commit credit card fraud and the tactics they use to acquire and exploit the information they steal, we find that many small business owners can look much closer to home for gaps in their data security. The PCI DSS stipulates keeping your network safe with regular maintenance, password updates, and network scans, but it also takes into account the human user of your processing equipment.

The majority of data theft at small businesses, unfortunately, is due to employee dishonesty. No one is suggesting that you change your hiring process or fire the worker who always seems a little sullen, only that you be aware of who is handling customers' credit cards and who is using processing equipment or computer resources that can reach cardholder data. The next section recaps the PCI compliance strategies that reduce or eliminate cardholder data theft by employees. Even if a criminally minded employee does happen to work for you, removing the opportunity removes the problem before it begins: an employee who cannot reach cardholder data cannot steal it, and one who can only reach it under their own login cannot do so anonymously.

PCI DSS goal 4, Implement Strong Access Control Measures, contains three requirements. Requirement 7 says to restrict access to cardholder data to those who have a business need to know; a cashier who only needs the last four digits of a card should never be shown the full number. Requirement 8 says to assign a unique user ID to each person with computer or equipment access, so that every action on cardholder data can be traced to one individual; a shared "manager" or "register" login defeats this even if the role itself is appropriate. Requirement 9 says to restrict physical access to cardholder data, including paper receipts, terminals and the machines that store card data, to those with a business need. Practicing these PCI DSS access control measures will help give you peace of mind while you continue to maintain your PCI compliance.
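The following is an added example and not code from this blog or from the PCI Security Standards Council: a small policy check that models Requirement 7 (need to know) and Requirement 8 (unique user IDs) for a back-office or point-of-sale application. The role names, permission names, the list of shared account names and the sample card number are all constructed for illustration. Requirement 9 (physical access) has no software equivalent and is not shown.

```python
"""Need-to-know access to cardholder data with per-person accountability.

Added example, not code from the PCI Free Blog: a minimal policy check that
models PCI DSS Requirement 7 (restrict access by business need to know) and
Requirement 8 (a unique ID for every user). Roles, permissions, account
names and the sample card number are all constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timezone

# Permissions on cardholder data, least to most sensitive (assumed names).
VIEW_MASKED_PAN = "view_masked_pan"   # last four digits only
VIEW_FULL_PAN = "view_full_pan"       # full card number; rarely justified
ISSUE_REFUND = "issue_refund"

# Role -> permissions. Only a role with a documented business need gets the
# full PAN; everyone else sees a masked number (Requirement 7).
ROLE_PERMISSIONS = {
    "cashier":    {VIEW_MASKED_PAN},
    "manager":    {VIEW_MASKED_PAN, ISSUE_REFUND},
    "chargeback": {VIEW_MASKED_PAN, VIEW_FULL_PAN},
}

# Generic logins that several people share cannot be tied to one person and
# so fail Requirement 8 regardless of what the role would permit.
SHARED_ACCOUNT_NAMES = {"cashier", "manager", "admin", "pos", "register"}


@dataclass(frozen=True)
class User:
    user_id: str   # one ID per person, e.g. "jsmith", never "register1"
    role: str


@dataclass(frozen=True)
class AuditEvent:
    timestamp: str
    user_id: str
    action: str
    allowed: bool
    reason: str


AUDIT_LOG: list[AuditEvent] = []


def mask_pan(pan: str) -> str:
    """Show at most the last four digits, as PCI DSS masking expects."""
    digits = "".join(ch for ch in pan if ch.isdigit())
    return "*" * max(len(digits) - 4, 0) + digits[-4:]


def check_access(user: User, permission: str) -> tuple[bool, str]:
    """Return (allowed, reason). The shared-account test runs first so that a
    decision is never attributed to an account that names nobody in particular."""
    if user.user_id.lower() in SHARED_ACCOUNT_NAMES:
        return False, "shared account: Requirement 8 needs one unique ID per person"
    perms = ROLE_PERMISSIONS.get(user.role)
    if perms is None:
        return False, f"unknown role {user.role!r}"
    if permission not in perms:
        return False, f"role {user.role!r} has no business need for {permission}"
    return True, "ok"


def view_pan(user: User, pan: str, full: bool = False) -> str:
    """Return the card number in the form the user is entitled to see.

    Every attempt, allowed or denied, is written to AUDIT_LOG under the
    requesting user's unique ID, which is what makes dishonest use traceable.
    """
    action = VIEW_FULL_PAN if full else VIEW_MASKED_PAN
    allowed, reason = check_access(user, action)
    AUDIT_LOG.append(AuditEvent(datetime.now(timezone.utc).isoformat(),
                                user.user_id, action, allowed, reason))
    if not allowed:
        raise PermissionError(f"{user.user_id}: {reason}")
    return pan if full else mask_pan(pan)


def audit_trail(user_id: str) -> list[AuditEvent]:
    """Everything one person did with cardholder data, looked up by unique ID."""
    return [e for e in AUDIT_LOG if e.user_id == user_id]


if __name__ == "__main__":
    test_pan = "4111111111111111"   # constructed test number, not a real card
    alice = User("alice.m", "cashier")
    carol = User("carol.k", "chargeback")
    print(view_pan(alice, test_pan))             # ************1111
    print(view_pan(carol, test_pan, full=True))  # full number, logged to carol.k
    for who, full in ((alice, True), (User("register", "cashier"), False)):
        try:
            view_pan(who, test_pan, full=full)
        except PermissionError as err:
            print("denied:", err)
    for event in audit_trail("alice.m"):
        print(event)
```

The two checks are deliberately separate: the role table answers "does this job need the data?" (Requirement 7), while the shared-account refusal answers "can we name the person?" (Requirement 8). A shared "register" login is refused even for the masked view, because an audit trail that says "register looked at 200 cards" identifies nobody when cash goes missing. In a real deployment the audit log would be written to storage the user cannot alter, and the role table would come from the same directory that issues the logins.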

Please see our home page for more information about how you can validate your PCI Compliance at your business for no charge and lots more information on the PCI DSS.

This entry was posted in PCI Compliance, Point-Of-Sale Equipment, Sensitive Data Storage.
