Somehow it seems that every time we get ahead of the curve, a new regulation is lurking around the corner, requiring new policies & procedures, lots of research and mountains of paperwork. In the pharmacy industry, dealing with different compliance laws is a daily occurrence. Every sale a store makes has to meet all kinds of different criteria to satisfy numerous regulations. This means that your point-of-sale system can be a major factor in maintaining the certifications necessary to run a successful pharmacy. HIPAA, Signature Logs, Medicare regulations and FSA certifications have daunted pharmacy owners for years. One of the newest issues facing us is PCI Compliance.
Every day I hear and read about PCI Compliance with ever-increasing frequency. This is perhaps one of the most important compliance issues facing businesses today, but if the number of bewildered merchants I encounter is any indicator, it just may be the most poorly addressed issue in the industry.
PCI (Payment Card Industry) compliance came into being because, each year, countless numbers of credit and debit cards are compromised. PCI Compliance is a set of standards enacted by the credit card industry as a means to help prevent breaches to card processing environments. Every merchant that accepts credit cards, regardless of transaction volume or size, must certify as PCI Compliant in order to protect customer card information. Credit card information must be encrypted and processed securely, networks must be secured and policies must be in place to demonstrate that a store is doing its part to protect credit card data. In the event of a breach, meaning cardholder information is lost or stolen, non-compliant merchants face huge fines and penalties, not to mention the damage a breach can cause to even the most sterling of reputations.
As anyone who has gone through the PCI Compliance process can attest, the Self-Assessment Questionnaire is grueling. To many, the questions seem like they are written in another language.
This is where true partnerships with your system vendors can make the difference between struggling through pages of cryptic inquiries and being able to obtain support and assistance as needed. In the case of Retail Management Solutions, our own certification to meet Payment Application Data Security Standards means that card information is encrypted and secured correctly from the moment the card is swiped. Biometric fingerprint readers for logging in mean that access to systems is secure, and auditing of log-in attempts makes it easy to track someone trying to access the system when they shouldn’t. Full network security service is also available to broaden the scope of our ability to assist. Several different options for processing of delivery and mail order transactions mean we can either eliminate the need to store credit card transactions or bring stores into compliance with any information they do need to keep on file.
Like so many other compliance policies, PCI is here to stay. While it’s not the easiest process to complete, PCI will ultimately protect you and your customers.
-Karen Deckard is a PCI specialist for Retail Management Solutions