PCI compliance from a Point of Sale or anywhere in general

I wanted to know how PCI works...
More so in an example of working at Starbucks and knowing how PCI would work. Is it a matter of encrypting credit card information by having a VPN from a Starbucks back to a HQ office or place?
Jay Smith Asked:

Russ Suter, Senior Software Developer, Commented:
PCI is a set of standards, in some cases up to almost 300 of them. Encryption is only a small fraction of PCI compliance. Depending on how many transactions and how much money you're dealing with, you may need higher levels of compliance. Yes, you have to make sure that network traffic that may contain credit card numbers is always encrypted, but you also need to make sure that you're not storing those credit card numbers, even if they are encrypted. You also need to make sure your network is hardened against intrusion and that intrusion detection systems are in place and regularly audited. You need to make sure that the encryption you are using meets minimum requirements and that the keys used in that encryption are properly secured and guarded against tampering.

The entire current PCI DSS is available here: https://www.pcisecuritystandards.org/document_library?category=pcidss&document=pci_dss. It's 139 pages long so take lots of bathroom breaks.

Dave Baldwin, Fixer of Problems, Commented:
Most retail places use a credit card service that takes care of all of that.  The credit card machine is connected to the register for purchase amounts and information but the credit card info itself is not available to the employees.
Naveen Sharma Commented:
Understanding PCI Compliance for POS Transactions:
http://www.mydigitalshield.com/understanding-pci-compliance-pos-transactions/

How to Stay Compliant with PCI 3.2 - A Checklist:
https://www.lepide.com/blog/how-to-stay-compliant-with-pci-3-2-a-checklist/

How Lepide helps organizations remain PCI DSS compliant:
https://www.lepide.com/compliance/pci-compliance.html

masnrock Commented:
As Dave pointed out, PCI goes FAR beyond what you've pointed out.

For a CC transaction, encryption is one of the major pieces. But also, there are things like types of software, devices, services and data flows involved. I recommend reading up on the PCI standards if you really want to get a better idea. When your network is involved, then you have to deal with standards of what resides on the network, proper security standards, and so on. A subset of things you might be able to redirect because of a third party that is involved. Definitely takes a lot of reading and communication to understand. But don't expect to understand everything from one EE question.

Here's the official site for PCI: https://www.pcisecuritystandards.org/
Check out the information on PCI 3.2 (current version of the standards) here: PCI Library
Sara Teasdale Commented:
Check out the following links:

Is Your POS System PCI Compliant?

https://www.cpnusa.com/2013/10/pos-system-pci-compliant/

Meeting PCI Compliance Requirements

https://www.netwrix.com/PCI_Compliance.html

Reasons POS Should Give A DAM

https://www.beyondtrust.com/blog/3-reasons-pos-should-give-a-dam/

Secure Your POS Systems – Stay Compliant And Stop Data Breaches with PCI Compliance Software

https://www.capterra.com/pci-compliance-software/
Russ Suter, Senior Software Developer, Commented:
Question abandoned. Since it's such a broad question, every answer contributed.