PCI Compliance stands for Payment Card Industry Compliance; something that is rarely discussed, but is a data security condition that is vitally important to any small business that trades with card transactions. If a company isn’t compliant, they run the risk of incurring a £5000 penalty: not something a small or new business needs at all.
Otherwise known as the PCI Data Security Standards, PCI Compliance basically means technical and operational requirements that protect card and cardholder data for all payment card brands, and they’re applied to all organizations that store, process or transmit this kind of data.
The issue in hand here is that if a company still runs Windows XP, its card terminal may not be fully secure under the PCI compliance rules. This stems from the fact that on April 8, 2014, Microsoft ended its support to Windows XP. Even with antivirus programs and firewalls, all those using it from then on have a significantly reduced security posture, and if Windows XP is in their cardholder data environment (CDE), the whole business will be out of compliance as of April 9, 2014.
Codes cold be developed to attack XP’s vulnerabilities , and since there will never be another security update to address these vulnerabilities, Windows XP will always be prone to such attacks. However, all is not lost, as there are security mitigations built into Windows XP that can make it harder for attacks to work, and anti-virus software to help block attacks and remove infections if they occur.
It’s the business owner’s responsibility to make sure they have the right compliance – and if they don’t, they will be issued with the £5K fine.
It takes just a minute to answer the vital questions: Are you still running Windows XP? Do you use a credit card terminal? Are you unsure that you’re PCI compliant? It doesn’t take that long to check your compliance either. As a growing business, we at Ghost are concerned about other companies potentially losing out over this issue, so we are offering free compliance checks to anyone who suspects their business might be at risk.
It’s also relatively straightforward to rectify the problem, and Ghost’s managed security services can provide the support, advice and expertise required to secure your business and meet the PCI compliance guidelines, all without the jargon.