5 minute read

Helpful tips to maintain security and PCI compliance during COVID-19

Tuesday, April 07, 2020

As the COVID-19 pandemic continues to evolve, we remain committed to the health, safety and business continuity of our customers. As part of that commitment, it's important that we share fraud and security best practices to help protect your business and your customers from breaches during this vulnerable time.

Staying Secure

As the Coronavirus has impacted how consumers participate in commerce, many businesses are shifting their day-to-day credit card processing methods to telephone orders and e-commerce processing. So it's important for you to understand the vulnerabilities associated with these card-not-present transaction types.

A good first step is to complete all critical patches and updates in a timely fashion to thwart cybercriminals who are seeking to take advantage amid the pandemic.

Additionally, with phishing attacks on the rise, criminals are using the COVID-19 pandemic as their subject matter to get your attention. One known attack method is through an email that appears to be from the Health Department that claims to have legitimate information regarding the pandemic. These emails can infect your systems with malware that could compromise your business and credit card data, so it's prudent to be increasingly cautious if and when these emails arrive in your inbox.

An illustration showing PCI Compliance

Ways to keep your business and the sensitive credit card information you handle safe:

Remaining PCI DSS Compliant

Staying Payment Card Industry Data Security Standard (PCI DSS) compliant through this pandemic is still essential to securing your business. With travel restrictions and many companies implementing a work from home policy, PCI DSS assessments may not be onsite or handled in the traditional manner. However, please know that they are still crucial and can be accomplished by remote assessments.

The PCI SSC has provided guidance on remote assessments for Qualified Security Assessors (QSA), so you can review this information and understand how your QSA may interact with you. Prior to an assessment, coordinate with your QSA and ensure that both parties agree on the assessment strategy, observation approach and evidence collection methods. Both parties should ensure that these methods still maintain the integrity of the assessment as if it were being completed onsite.

If you have questions or concerns regarding how your QSA is handling your assessment, or as a result of the pandemic, you cannot complete an assessment item while maintaining the integrity of the assessment, contact your acquirer for assistance and guidance.

At Global Payments, we understand the challenges you're experiencing as a result of COVID-19 and are committed to helping you through this time of uncertainty. If you have any questions or concerns about how to approach security in this unprecedented time, please don't hesitate to reach out to [email protected].