Vineyard & Winery Management

September/October 2013

Issue link: http://read.dmtmag.com/i/155925


ers, of 45 million credit and debit card account numbers. However, a number of smaller businesses have experienced similar breaches, including:

+ In January 2013, the E.J. Phair Brewing Company reported that a hacker had managed to access customer credit and debit cards once they'd been run through the brewery's payment system.
+ In July 2012, oregonwine.com reported that 1,313 user names and passwords were stolen and posted publicly.
+ In December 2012, Sunview Vineyards reported the theft of an unencrypted laptop, which resulted in the exposure of employees' confidential personal information.
+ In November 2011, winelibrary.com was hacked, possibly exposing customers' credit card data. The breach was traced back to hackers in China.

PROTECTING YOUR BUSINESS

How can you protect your company from payment card fraud? By ensuring it complies with the Payment Card Industry Data Security Standard (PCI DSS). Created in 2006 by Visa, MasterCard, American Express, JCB and Discover, the standard increases controls around cardholder data and provides a framework for developing a robust process to prevent, detect and react to security deficiencies. Its requirements include:

Goals and PCI DSS Requirements

Build and maintain a secure network.
+ Install and maintain a firewall configuration to protect cardholder data.
+ Don't use vendor-supplied defaults for system passwords and other security parameters.

Protect cardholder data.
+ Protect stored data.
+ Encrypt transmissions of cardholder data across open public networks.

Maintain a vulnerability management program.
+ Use and regularly update antivirus software.
+ Develop and maintain secure systems and applications.

Implement strong access-control measures.
+ Restrict access to cardholder data by business need-to-know.
+ Assign a unique ID to each person with computer access.
+ Restrict physical access to cardholder data.

Regularly monitor and test networks.
+ Track and monitor all access to network resources and cardholder data.
+ Regularly test security systems and processes.

Maintain an information security policy.
+ Maintain a policy that addresses information security for all personnel.

The PCI DSS applies to all organizations that store, process or transmit cardholder data. Compliance is mandatory, and individual payment brands may impose financial or operational penalties on businesses that don't demonstrate compliance. You're required to comply with the PCI DSS if you accept debit or credit cards at your winery for things such as:

+ Tasting room and event activities
+ Retail store sales
+ Online sales
+ Wine club sales
+ Winery or vineyard tours

Failure to comply with the standard can result in serious and long-term negative consequences for your business, including monetary fines and loss of card-processing privileges. There's also the potential cost of losing customers and fixing the damage to your business' reputation. In addition to
