PCI Compliance Audits

We are getting more and more customers being targeted by companies trying to convince them that their whole corporate network must be PCI compliant if they process credit card information. Without thinking and planning about how card data is actually handled, it is an understandable assumption, but it is the wrong one.

PCI consultancies are often opportunistic and overcomplicate situations to charge more fees. This, coupled with scaremongering about fines and spreadsheets of intimidating questions, can make for an uncomfortable and extremely expensive experience.

One simple rule: don’t spend time and money trying to make the office network compliant. It’s like chasing your tail. If you must type credit card numbers yourself, use separate locked-down machines on an isolated network. Use Win 8 Pro so you have the BitLocker functions to encrypt the disks of those machines. Isolated networks are cheap and easy to install and manage.

Never store credit card numbers. Just type them into the browser as the customer reads them to you. Use a specialist company to process the payments. Don’t try to build something yourself, or that whole platform would have to be PCI compliant. That will cost a fortune, probably far more than the system itself. This is why even high-profile websites like the Land Registry use WorldPay for their credit card processing.

As long as you never type credit card details on your normal corporate PCs or store any card numbers on your corporate network, that network should not need to be compliant to PCI standards, which can cost tens of thousands of pounds.

If you have any questions, please call Virtual IT and we can help your IT be better and maybe even save you money at the same time!