We often get asked about providing IT Support for PCI Compliance by our small and medium business client base. “What do they need to do to complete and pass an assessment to become PCI DSS Compliant?” is a typical question.
This comes about when one of our clients has been asked either to complete an assessment or to demonstrate PCI compliance.
For most small to medium businesses, the use of a card terminal or online merchant payment service is a necessary part of running their business, so being compliant or completing a compliance process is really important.
The process itself is not that hard and there are plenty of guides online to help you through, or you can get help from your merchant provider (the people who provide you with the card machine or online service).
Recently we were asked to help one of our clients complete an online assessment, which is where a provider will run an external scan of your IT system and a report will be generated showing various issues or vulnerabilities of your system.
In most cases the issues will be graded in order of severity and by whether the issue is regarded as a pass or fail of the system being assessed. An example of an issue is shown below.
The further detail for this issue talks about the use of a self-signed certificate, which could potentially be used by a hacker using a technique known as a man-in-the-middle attack.
This is classed as a failure of the PCI scan and you wouldn’t be able to get PCI compliance until this issue is resolved.
Now to most businesses this sort of detail means absolutely nothing, and so they would need help in being able to understand the issues and also what to do about them. This is where Fox Information Technology can provide IT Support for PCI compliance to help your business.
We understand the complexities of PCI and what we need to do in order to make sure that your systems are secure and that you can pass a compliance scan. This in turn means you can continue to run your card machines or online payment services without worrying about PCI compliance or IT security in general.
We provide expert IT Services to many Small and Medium businesses throughout Liverpool and the North-West, and we’d be delighted to work with you and help you achieve compliance or just chat about PCI in general.
Contact us today either to discuss this blog post or to talk with us about helping you achieve PCI Compliance status.