If you're using devices that capture and store card information, here's how to protect your business:
Using devices such as USB card readers connected to computers means you are storing card data electronically, which places you in the highest-risk PCI compliance category and dramatically increases your exposure to a data breach. These devices create unnecessary data storage points that significantly complicate your security requirements.
Essential steps to reduce your risk:
1. Remove card-capturing hardware immediately
- Disconnect and permanently remove all USB card readers attached to computers
- Stop using any devices that capture and store card information on your systems
- Don't process another payment until you have proper certified equipment in place
- Physically destroy or securely dispose of removed devices to prevent data recovery
2. Delete all stored card data permanently
- Permanently delete any card information stored on computers or connected devices
- Use secure deletion methods to ensure data cannot be recovered
- Check all connected systems, backup files, and temporary storage locations
- Empty recycle bins and clear any cached or temporary card data
3. Replace with certified payment terminals
- Switch to PCI-certified Point of Interaction (POI) devices immediately
- Contact your payment processor to obtain proper certified terminals
- Ensure new devices encrypt data internally and don't store information on your systems
- Train staff on proper use of certified equipment
4. Audit your current payment setup
- Identify all devices currently used for card processing
- Check what systems have access to or store card information
- Review backup procedures that might contain stored card data
- Document changes made to eliminate card storage points
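The "check all connected systems, backup files, and temporary storage locations" item in step 2 and the "check what systems have access to or store card information" item in step 4 both come down to finding leftover card numbers on disk. The following Python script is an added example, not code from the original page: it walks a directory, looks for 13- to 19-digit runs, keeps only those that pass the Luhn check that real card numbers satisfy, and reports each hit masked to the first six and last four digits so the scan report itself does not become another copy of card data. The sample files, their names and the card numbers in them are constructed here (industry test numbers, not real cards).

```python
"""Scan files for stored primary account numbers (PANs) and report them masked.

Added example, not part of the original page. The files it scans are constructed
below with well-known industry test card numbers; no real card data is involved.
"""
import re
import tempfile
from pathlib import Path

# 13-19 digits, optionally separated by single spaces or hyphens,
# not preceded or followed by another digit.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn check used by card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right, then subtract 9 if > 9
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(digits: str) -> str:
    """Keep only the first six and last four digits (the PCI DSS display rule)."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_pans(text: str) -> list:
    """Return masked PAN candidates found in text that pass the Luhn check."""
    hits = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(mask(digits))
    return hits


def scan_directory(root) -> dict:
    """Walk root and map each file (relative POSIX path) to the masked PANs found in it."""
    root = Path(root)
    report = {}
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        # errors="ignore" lets the scan continue through binary or oddly encoded files
        text = path.read_text(encoding="utf-8", errors="ignore")
        hits = find_pans(text)
        if hits:
            report[path.relative_to(root).as_posix()] = hits
    return report


def build_sample_dir() -> str:
    """Create a throwaway directory of constructed files mimicking leftover reader data."""
    root = Path(tempfile.mkdtemp(prefix="pan_scan_"))
    samples = {
        "exports/orders.csv": "order_id,card,amount\n"
                              "1001,4111 1111 1111 1111,19.99\n"   # Visa test PAN, passes Luhn
                              "1002,1234-5678-9012-3456,5.00\n",   # 16 digits but fails Luhn
        "notes.txt": "Call back on 555-123-4567 about invoice 2024000123456789\n",
        "backup/reader.log": "2024-01-05 reader: captured 5555555555554444 exp 12/25\n",
    }
    for rel, body in samples.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body, encoding="utf-8")
    return str(root)


if __name__ == "__main__":
    # Expected: hits in backup/reader.log and exports/orders.csv only;
    # the invoice number and the non-Luhn row are ignored.
    for name, pans in scan_directory(build_sample_dir()).items():
        print(f"{name}: {', '.join(pans)}")
```

Point `scan_directory` at the directories a reader's software wrote to, at backup folders and at temporary locations; every file it reports is a storage point to clean up in step 2 and to record in the step 4 audit. The Luhn filter removes most invoice numbers and timestamps, but a scan like this finds only plaintext numbers: data in application databases or encrypted backups has to be checked through the application or after restoring the backup.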
5. Verify your new setup reduces compliance burden
- Confirm that certified terminals don't store card data on your systems
- Verify that removing card storage moves you to a lower PCI compliance category
- Update your security policies to reflect the new equipment and procedures
- Document the elimination of card storage from your environment
6. Red flags that increase your risk
- USB card readers or magnetic stripe readers connected to computers
- Any devices that save card information to hard drives or system memory
- Software that captures and stores card data from reader devices
- Card information stored in computer files, databases, or applications
- Backup systems that contain historical card data from capturing devices
- Point-of-sale systems that store rather than just process card information
The bottom line
Card-capturing devices that store information electronically put you in the most expensive and complex PCI compliance category. Removing these devices and switching to certified terminals significantly lowers both your risk and compliance requirements.
Contact your payment processor immediately to obtain certified terminals that don't store card data. This single change can dramatically reduce your security risk and move you to a much simpler compliance category.