What’s the first word that comes to mind when you think about PCI compliance? Most likely “security” (or perhaps the word “headache”). But in either case, hardware storage is probably not your top consideration. And yet, PCI compliant hardware storage is absolutely crucial for your merchants’ data security.
Protect Your Merchants
Unsecured encryption keys, PIN pads and POS terminals can be a gold mine for data thieves and a nightmare for merchants. Thus, PCI has put a number of stringent requirements in place regarding device management, including how equipment is “produced, controlled, transported, stored and used.” These standards ensure that at all points in the life cycle, devices are protected from unauthorized access.
Look for Qualified Vendors
So what should payment service providers look for to protect your merchants’ devices? Work with vendors that are PCI-PIN validated. Approved vendors, including CDE Solutions, have done the rigorous work involved in establishing dual-control secure storage and chain-of-custody tracking that meets PCI specifications. Bottom line, by partnering with a PCI compliant support partner for hardware storage, payment service providers can greatly reduce the risk of equipment compromise prior to merchant deployment.
Meeting Security Standards
Wondering what makes hardware storage secure? Here’s an overview of the specifications:
- POIs are kept in locked storage with dual access control.
- POI access is highly employee restricted.
- POIs are both stored and shipped with tamper-evident security features
- The vendor documents the POI’s complete chain of custody.
For more in depth details, you can review the standards here. These measures, and more, are designed to protect device integrity, ensuring optimal function in the field and protection for merchants and consumers.
When considering the runaway disaster of data breaches, secure hardware storage is absolutely crucial for your merchants. By partnering with a PCI compliant hardware storage provider, you can help your merchants avoid this danger. After all, PCI standards are not just paperwork, they’re truly best practice.