The bottom line is: If you own a retail store or restaurant that accepts credit cards (Do you know any that don’t?) then you owe it to yourself to spend 13 minutes watching this video! This might be the most important thing you can do to protect yourself against data theft and associated PCI fines that could put you right out of business. Like they say, it is what you don’t know that can hurt you.
In the video they talk about ensuring that your Point of Sale (POS) system is compliant with the Payment Application Best Practices (PABP) put out by VISA and last revised in February 2012. In this document they list Payment Application Vendors and the validated PABP versions. You should check this list for the vendor of your POS. If nothing else, you should at least have the conversation with your vendor to ensure that magnetic stripe data, CVV2 and PIN blocks from the cards are not stored anywhere in your system. If that data is stored on your system, you should find out what file(s) it is in and remove it from your hard drive. That is the information that will get you in serious trouble if compromised. Remember, if you don’t need the data for a business practice, then don’t store it. It is permissible to store the Cardholder’s Name, Primary Account Information, Expiration date and Service Code, but these need to be stored in accordance with PCI DSS.
For additional protection consider purchasing a small cyber liability policy that would pay any fines you might receive and also any notification or forensic costs you might incur if you have a breach. The pricing has really become affordable and every restaurant and retailer should seriously consider it.
(Source: 2013 Verizon Data Breach Report)