PCI Blog - Compliance Series: Part Five

Posted Friday, November 16th, 2007
Categories: PCI.

We’ve talked a lot about big businesses like Tier 1 providers, who do over 6 million transactions a year, but what about compliance for the little guys? For the mom n’ pop establishments out there?

While browsing a daily read of mine over at the Braintree Blog, I came across the following, which was produced by the Retail Solutions Providers Association. The video below takes a look at this issue; it’s about 12 minutes long but definitely worth viewing.

Part One:

Part Two:

“Upwards of 60% of consumers won’t go back to a place that’s breached their credit card data”

Action items noted:

  • Make sure your point of sale system has a firewall
  • Make sure patches are up to date
  • Install anti-virus software
  • Change passwords often
  • Turn off remote access when not needed
  • Stay educated
  • Contact your POS provider to see what exactly you are storing on your system
  • “If you don’t need it - don’t store it!”

How does E-xact fit in?

In the video, Jennifer Fischer, the representative from Visa, suggests that one of the steps merchants should take toward PCI Compliance is to visit the Visa website and view their list of compliant providers. Sure enough, you’ll spot E-xact listed in this directory.

The message of the video is clear: the liability is with the retailer, and it’s up to the merchants to make sure they have the right equipment, software and systems in place to protect themselves from attacks. This starts with having the right tools, but also with education about the importance of non-storage of data, something that we’ve made sure to include in our Realtime Payment application, RPM.

*The compliance deadline for Tier 2 companies (those who process between 1 and 6 million transactions a year) is December 31, 2007.

To learn more, visit the PCI DSS website, or read E-xact’s other PCI Blog posts.