Printing Services and Payment Compliance: A Security Concern

Printing Services and Payment Compliance: A Security Concern

The majority of regulations and standards in the finance industry that affect printing services have been mandated specifically to ensure confidentiality and protection of user financial data that is being sent back and forth from the printer fleet.

The vital nature of fortifying all printing services that is anyway related to financial data processing cannot be undermined, as the consequences resulting from financial information theft are simply unbearable!  Recent research seems to suggest that the mean annual cost of cyber security breaches was priciest for the financial sector, averaging out at about 20 million dollars, that’s more than any other industry!

Auditors usually perform financial audits for enterprises and organizations on a biannual basis, and often tend to uncover insecure points of access, where financial data breaches have occurred from, or may occur, if left unprotected.

Over the decades, legislators have adopted and set standards to govern the security of, and provide control mechanisms to enforce secure equipment-payment infrastructure. Let’s take an in-depth look at the most common and widespread payment security standard!

PCI DSS: Ensuring Credit Card Data Privacy 

The most commonly referenced standard in the card payment industry is the Payment Card Industry Data Security Standard (PCI DSS).  The PCI DSS is a financial data security standard for all organizations that deal with processing credit card payment information from major credit card companies.

PCI DSS compliance is mandated by all major credit card providers, and regulated by the Payment Card Industry Security Standards Council (PCI SSC). This standard, and similar payment standards, such as the Sarbanes-Oxley Act, SOC2 and SOC3, were initially developed with the goal of creating a secure control mechanism to ensure the protection of cardholder information, and decrease the likelihood of credit card breaches.

Compliance validation checks for making sure that businesses are meeting the PCI DSS, are carried out on a yearly basis, either by external or internal security assessors.  These security assessments often involve developing reports on compliance for larger enterprises processing a higher number of transactions, or the completion of self-assessment checklists for smaller businesses dealing with a significantly lesser number of transactions.

Printing Services and the Secure Transmission of Financial Data: What is the Relation?

In essence, any company operating equipment that deals with, stores, or passes along credit card information, must prove compliance to the PCI DSS.  Vendors in the printing services industry, such as HP, Xerox, and several others, aggressively market their PCI DSS compliance as a key security feature of their offerings!

So how does credit card information and its transmission affect printing services?

Retailers, restaurants, hotels, and other businesses that take credit card payments often have payment workflows that consist of the following: Receiving a purchase order that contains credit card information, followed by the scanning or copying of that specific purchase information, to be stored on a company server, located either locally or off-premises, through the use of a multi-function printing device.

Since this process involves the multi-function printing device having to scan or copy the financial data, and the server storing the embedded financial information, both the printing device and the scanner are subject to the PCI DSS, and are consequently audited on a regular basis!

As you can see, the integrity of financial information, and specifically credit card privacy, is of crucial importance, and is directly related to printing equipment!  When looking for print solutions for your environment, always make sure that your provider has obtained PCI DSS compliance for their product fleet!

Additionally enterprises should ensure that their print solution provider maintains an overall secure solution, including secure storage of files, encryption of all print data, SSL compliance, and other applicable security measures!

 

Enjoyed what you read? Share it!
Enjoyed what you read? Share it!