15. A Warning if you Handle, Process, or Store Credit Cards


Dec 01 2020 30 mins  


If you handle, process or store credit cards in any manner, you are required to comply with PCI DSS, or Payment Card Industry Data Security Standards. This is a set of LEGAL requirements you must abide by to maintain a secure environment. If you violate them, you will incur serious fines and fees.


Are you subject to them if you take credit card payments over the phone? Absolutely! If you have clients that pay you directly by credit card, you’re subject to these laws. However, there are various levels of security standards – but thinking you don’t process enough to matter or that “no one would want to hack us” is dangerous. All it takes is an employee writing down a credit card number in an e-mail or on a piece of paper to violate a law; and then you’ll be left with legal fees, fines and the reputational damage incurred when you have to contact your clients to let them know you weren’t properly storing or handling their credit cards.


Getting compliant – or finding out if you ARE compliant – isn’t a simple matter I can outline in a 1-2-3-step checklist. It requires an assessment of your specific environment and how you handle credit card information.


A great resource is the PCI Security Standards Council, or www.pcisecuritystandards.org. If you want assistance in figuring out if you’re compliant, call us for a free assessment.


Have questions about cybersecurity or the technology at your company? I’m here to help. Access my calendar here to book a quick, 10-minute call with me.

Show Notes:

[00:00:30] Hey, everybody, I am Justin Shelly, CEO of Master Computing,

[00:00:34] And I'm Joe Melot, CIO of Master Computing.

[00:00:37] Welcome to Episode 15 of Stupid or Irresponsible. Joe, most important thing to happen to you this week?

[00:00:48] That's a good question. I probably should have prepared.

[00:00:50] Well, let me talk while you think about that.

So, listen, it was last week or the week before, maybe both. I talked about getting stood up for a podcasting interview because I've had people start reaching out to me and want me to be on their podcast and stuff like that, which just makes me feel special. And they stood me up. Well, then they came back and they apologized profusely and set the whole thing up again.

[00:01:19] I rearranged my entire schedule so that I can be here and do their 15-minute prescreening, meeting, Web meeting or whatever.

[00:01:28] But I mean, we've been planning this thing talking about it sounds like now also last year they had a really dialed-in process. And I mean, I'm at the doctor with my kid shuffling that shit then I get here for this interview. And within 30 seconds they're like, oh, well, we're not interested because the we had the wrong number of employees. And I just thought, are you kidding me right now that with all of the process you had in place, you couldn't have asked me this key question from day one and saved me about four weeks of fretting and hours and hours of prepping and whatever. So, I was pretty upset. But I'll tell you what, it made me realize the importance of process and made me look at my own process as I bring guests and to, you know, some of our other podcasts. We've got DFW rock stars. I'll plug that real quick as we're trying to get more. I mean, that was one that struggled. We haven't had a lot of guests. So, building that back up, getting the process dialed in. But that was the most interesting thing to happen to me, is just yet again getting stiffed by this company that I am not happy about it. So, I hope that gave you enough time, Joe. You still got to come up with something on your end.

[00:02:39] Oh, yeah.

[00:02:40] I guess just this week is kind of playing with the old Christmas ideas of, you know, a lot of our clients are out of the office during this time of the year. So, getting everything set up there, you know, we're a little short staffed here at the office. Even so, just making sure everything's covered. Everybody's got all our rules, make sure all security for all our clients are working and, you know, make sure we're on the pulse. Everyone has time to play catch up, right. I wouldn't call it catch up so much. It's really, you know, move our oranges from one basket to the other, make sure everything's taken care of. Yeah. No rest for the weary.

[00:03:15] Yeah. And I know you already talked about it, but you've got the new house you're getting in. You're settled. You've unpacked all your boxes.

[00:03:20] Oh, yeah. They're all total impact that usually. I think I told you that usually takes me about a year. Well, that's good because we're on pace for about a decade, so.

[00:03:28] Yeah, but it's got to be cool, man. Oh yeah. And the new plants really love it. All right. Excellent. All right.

[00:03:34] Well, let's jump in, Joe.

[00:03:37] You know, we kind of gotten into the habit of reminding people why we call this podcast Stupid or Irresponsible. It comes from the marketing campaign. We've already talked about that. But I mean, the gist of it is we ultimately as business owners, executives, managers, we are responsible for the security of our organization. And it's a responsibility that should be taken seriously. And sometimes it's not.

[00:04:03] And, you know, we went on the traveling the speaking circuit for about a year. We're giving away free stuff where we're just begging and pleading people to take this seriously and not getting a great response from it, you know, because unfortunately, if somebody has not had a cybersecurity incident, it's really hard to get them to take it seriously. And so, you know, I went from this kind of coddling, you know, we're all victims here of crime. And it is stupid because we are one of the few places where the government prosecutes the victims. You know that that was kind of my whole pitch before. Like, this is it. If you get broken into in your home, nobody comes in calling you stupid. But if your business gets hit at, you kind of get close to it. You know, I've changed my tune a little bit and there is a level of stupidity to just not paying attention and taking this seriously. So, you know, there we go. The reminder of why we call it that. I don't really think people are stupid, but I do think people get distracted.

[00:05:00] You know, I'll go out on a limb. I guarantee there's a lot of stupid. Well, listen, yeah, you're right. You're right. There absolutely are.

[00:05:11] Maybe we all just have our areas where we're stupid, you know, as I'm kind of trying to defend business owners who have so many things on their plate, you know, and it's easy for me to just jump on here and say they're stupid and they're going to be mad at me and run away and cry or whatever. I don't know. But, you know, there's just there's a lot going on, especially COVID like. The world burning down, we've got so many problems, man, we can’t ignore this one. No, no. Yeah, absolutely not. I mean, people get hit. They we'll talk about it. I've got one. You go out of business like it's not recoverable. This isn't you don't get a do over. It's not a video game where you can reset. You know, it's like this is it. If we don't take this seriously, if you get hit hard enough, you're out of business. So there it is.

[00:05:52] Security tip this week, Joe, we're going to talk about, you know, some of these things ar...