PCI Compliancy is the backbone of taking credit cards in the retail and ecommerce industry. All payment companies require that the retailer meet the regulations set forth by the PCI Security Standards Council. This council is a global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection.
With the recent passing of the SAFE Banking Act by the US House of Representatives, the ability to take credit cards at cannabis dispensaries may be coming shortly. Should this happen, PCI-DSS will be required for taking credit cards at the dispensary. Having a PCI Compliant system will be mandatory, as well as meeting all the regulations for PCI-DSS compliancy. In addition to the technology needed to meet the PCI Standards, all businesses that take credit cards must complete a Self-Assessment Questionnaire (SAQ). This document is a validation tool for eligible organizations that self-assess their PCI-DSS compliance and are not required to submit a Report on Compliance (ROC).
The following is an overview of the requirements needed on the technology side. One major requirement is that the software be PCI Compliant. CannaPoint is PCI Compliant. The balance falls under Data Security, which is listed below.
- Build and Maintain a Secure Network
  - Install and maintain a commercial hardware firewall configuration to protect cardholder data
  - Do not use vendor-supplied defaults for system passwords and other security parameters
- Protect Cardholder Data
  - Protect stored cardholder data
  - Encrypt transmission of cardholder data across open, public networks
- Maintain a Vulnerability Management Program
  - Use and regularly update Anti-Virus software
  - Develop and maintain secure systems and applications
- Implement Strong Access Control Measures
  - Restrict access to cardholder data by business need to know policies
  - Assign a unique ID to each person with computer access
  - Restrict physical access to cardholder data
- Regularly Monitor and Test Networks
  - Track and monitor all access to network resources and cardholder data
  - Regularly test security systems and processes
- Maintain an Information Security Policy
  - Maintain a policy that addresses information security for all personnel
Mariner has partnered with Microsoft, Cisco Meraki, Webroot and other vendors to provide you with the tools needed to meet these requirements. Partnering with Mariner can provide you with the solution needed to become and stay PCI-DSS compliant with these Regulatory Entities.
Check back for more information on Security and Compliancy and how Mariner Business Solutions can give you the peace of mind needed for running your business.