Put Access Control into practice. Limit the password access to your system, every employee should only have access to the password he needs for his job only. Explain them that it is best for both customers and employees. If your business gets breached then investigating the matter will be easy due to restricted access to network.
Keep the data protected and save the physical records of customer and cardholder information, either by a physical lock and key or a card system. If your business includes manual processing of credit card then limit the access to receipts and slips by locking up them safely. If the data is stored in your network then it should be encoded and kept behind the company’s firewall.
Monitor your network by providing each terminal and user a unique ID number. This way in times of a breach IT professionals will find it easy to know from where the attack took place.
Create a secure network by keeping your firewalls updated and working. Under no circumstances let your firewalls go down and don’t give employees permission to disable firewalls for any reason.
Make a security policy by changing the passwords every now and then. As soon as the passwords are given by vendor change them immediately. Apply same password change policy on your employees. Change your passwords on a regular basis as instructed by the vendor.
Vulnerability Management Program
Develop a vulnerability management program by keeping your system protected with the correct anti-virus software. Also prohibit the addition of software like games that might compromise the system.
Penalties for PCI DSS Violations
It is better to understand that what might happen if PCI DSS requirements are violated. A business that is not PCI Compliant is most likely to pay fines, sanction and is likely to end up losing his rights from processing credit card information. If being non compliant results in data loss; then the business is likely to pay higher fines and some additional huge fines from the credit card brands and banks. Businesses not being PCI Compliant might subject to lawsuits and governmental actions for not being able to protect customer data.