b'FOGHORN FOCUSCyber RiskA KEY FACTOR TO ADDRESS IN YOUR PAYMENT ACCEPTANCE ENVIRONMENT THEODORE KEITH, JR. // THRIVE PAYMENTSI n a world driven by technology, information sharing, and the ever-payments industry collaboration of the major payment networks whose expandingdigitizationofseveraloperationsacrossnearlyeverymission focuses on the curation of global standards and provides guid-industry, data security considerations are critical to assess for mostance, support, education, and awareness to maintaining and enhancing businesses, particularly those who accept payments and handle paymentthe security of payments.card data. Unsurprisingly, a primary risk management objective of any business that accepts credit and debit cards for payment is to minimizeInadditiontotheSAQ,mostbusinessesarealsorequiredtoun-the risk of a data compromise. dergoaquarterlyexternalscanoftheirnetworktodetectvul-nerabilities,whichisneededifprocessingviaanIPconnection, As the maritime industry continues to evolve and transition towards aandverylargeorganizationsmayevenberequiredtoundergoa more cyber-focused and cyber-conscious position, their payment accep- formaldatasecurityaudit.Wheretherearerequirements,there tance devices and systems should follow suit. Many legacy point-of-salearealsopenalties.Tothisend,PCInon-compliancefees,inPHOTO: NATHAN DUMLAOA / UNSPLASH (POS) systems house payment card data locally within the business ITaddition to a PCI compliance fee, can often be assessed simultaneous-environment, while newer technologies typically process and store thatlybythepaymentprocessor.Thesenon-compliancefeescanrange data in a secure, cloud-based platform. While processing and storingupwards of $49 per month or more and are completely avoidable with data locally can ensure adequate data protection under the right con- completed SAQs and successful quarterly scans, so it is important to an-ditions, the costboth financially and in manpowermay prove to bealyze your processing statement regularly and thoroughly. Your payment an expensive burden to bear. Further, this method translates into a moreprocessor should be providing a robust compliance portal and assisting extensiveandcumbersomePCI-DSSself-assessmentquestionnaireyour IT team in understanding, analyzing, and mitigating any problems (SAQ). The PCI-DSS, or Payment Card Industry Data Security Stan- that are detected during the SAQ and quarterly scan process. PCI-DSS dards, were developed by the PCI Security Standards Council which is acompliance tools that enable an easy completion of the SAQ should FOGHORN 16'