Have any question?
Call (516) 403-9001
Call (516) 403-9001
The Federal Trade Commission, or FTC, has put together a Safeguard Rule to help establish guidelines for how businesses store and interact with customer information. Enacted in 2003, this rule was recently revamped in 2021 to stay relevant with the latest technology used by businesses. Let’s look at some of the policies and procedures that your business needs to know about the FTC Safeguard Rule.
The Safeguard Rule is a mandate put in place to protect personal information. Those impacted by this rule include financial institutions like mortgage lenders, payday lenders, finance companies, mortgage brokers, account servicers, check cashers, wire transferors, collection agencies, credit counselors, and other financial advisors, tax preparation firms, non-federally insured credit unions, and investment advisors that aren’t required to register with the SEC.
Compliance with the FTC Safeguard Rule involves applicable financial institutions writing out their information security program and having it address specific metrics. This plan must also be appropriate for the size and scope of the business, and it must be tailored to the specific type of information that the organization is responsible for.
With the Safeguard Rule in place and governing how businesses manage sensitive information, it should technically address challenges such as the security and confidentiality of customer information, threats to the integrity of this information, and protection from unauthorized access, theft, or destruction of that data, as well as any problems it might cause for the customer.
When you get into the details, the reality is that there is nothing in the FTC Safeguard Rule that you shouldn’t already be doing for your customer data. Here is a quick rundown that the FTC recommends for businesses that want to make sure their networks are FTC-compliant.
MSPNetworks knows network security and compliance laws like the back of our hands. To learn more about how we can support your business’ efforts, reach out to us at (516) 403-9001.
The days of the cash-only business are over. It doesn’t matter if your business is a multinational corporation or you cut grass for a living, accepting payment cards is not only convenient for your customers, most of the time it’s the most secure way to get paid. In an effort to protect the personal and financial information of consumers who have come to depend on their payment cards, the banks that back the credit card industry have developed a regulation that businesses who process cards need to adhere to. Today, we will go over this regulation and how it affects small and medium-sized businesses
What is known as PCI Compliance, is actually the Payment Card Index Digital Security Standard (PCI DSS). It was established in 2006 as an industry-wide standard, sponsored by what is now known as the PCI Security Standards Council made up of some pretty familiar names: Visa, Mastercard, American Express, and Discover. The council was established to regulate the credit card industry and manage the standards in which businesses would be held to improve consumer privacy.
The first thing you should know is that PCI standards apply to all businesses that accept payment cards. If your business stores information or processes payment using digital payment, you have to maintain PCI compliance. Here are 10 actions every business that accepts payment cards needs to take:
Again, every single business that accepts the use of payment cards needs to be sure to accomplish these 10 things. Many businesses already do these things in the normal course of doing business, but if you don’t, and you accept payment cards, you are not in compliance and face severe rebuke.
Once you understand the global actions your business needs to take to stay in compliance, you then need to understand what level of merchant you are. According to the PCI Security Standards Council there are four levels of businesses that process credit cards. They are defined as follows:
Since a breach at level 1 will likely affect more consumers, the PCI regulatory body--that doesn’t have the means to constantly check every business--spends more time regulating larger organizations than it does smaller businesses. That’s not to say that small businesses can’t face hefty fines and consumer attrition if they are non-compliant. Each level has its own specific mandate. Let’s go through them now.
Merchant Level #1
Doing massive business online and otherwise brings with it more responsibility. To maintain PCI compliance, Level one merchants need to:
Merchant Level #2
As transactions begin to decrease there are less stringent standards. Level two’s include:
Merchant Level #3
Many medium-sized businesses will fall under this level and need to:
Merchant Level #4
The majority of small business fall into level #4 status and like level’s two and three need to:
Businesses found to be in noncompliance will often be subject to review and are often fined, given extra scrutiny, or have their privilege to accept payment cards revoked. Don’t allow this to happen to your business. If you have any questions about PCI DSS standards, or how to keep your business in compliance, call the IT professionals at MSPNetworks today at (516) 403-9001.
Learn more about what MSPNetworks can do for your business.
MSPNetworks
1111 Broadhollow Rd Suite 202
Farmingdale, New York 11735