I’m a small business that only processes a few credit card transactions a month. Do I need a firewall or will I not be PCI Compliant?

You want to protect your customers’ credit card data obviously. Your firewall is the first line of defense on your network, no matter what type of internet services you are using. Some services from your local cable company or telephone company will come with a “Bundle” which will include a firewall/router combo. That’s fine for basic office usage and protection; however, when you are running a business, and you are taking credit cards, you are going to want to actually log in to the firewall and make sure the settings line up with what your processor requires. They will have a check for things like making sure that the firewall has a rule that denies ANY traffic using ANY service to ANY resource on your LAN. That rule means that all traffic is blocked from entering your business network. That rule also means that you need to have other specific rules in place for other items on your network that may need to have communications open; those rules will be based on the application, resource, and port. You will also need to develop some Policies and Procedures and training to completely wrap the processes. That way you have documentation on what you have done, what is in place, and what you will do to make sure things are secure for your business. Please see http://pcidsscompliance.net for a wealth of information regarding this topic.
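As an added example (not part of the original answer), the following script audits an inbound ruleset for the two properties described above: a catch-all rule denying ANY service to ANY LAN resource, and allow rules narrowed to a specific service, resource and port. The rule format, the `audit_inbound` function and the sample ruleset are constructed for this illustration and do not correspond to any particular firewall product.

```python
from dataclasses import dataclass
from typing import List

ANY = "any"  # wildcard used by this constructed rule format


@dataclass(frozen=True)
class Rule:
    action: str        # "allow" or "deny"
    service: str       # application/service the rule matches, or ANY
    dest: str          # LAN resource (host or address) the rule matches, or ANY
    port: str          # destination port, or ANY
    comment: str = ""


def is_catch_all_deny(rule: Rule) -> bool:
    """The rule a processor's checklist looks for: deny ANY service to ANY resource."""
    return (rule.action == "deny" and rule.service == ANY
            and rule.dest == ANY and rule.port == ANY)


def audit_inbound(rules: List[Rule]) -> List[str]:
    """Return findings for an inbound ruleset evaluated top-down; [] means it passes."""
    findings = []
    deny_at = next((i for i, r in enumerate(rules) if is_catch_all_deny(r)), None)
    if deny_at is None:
        findings.append("missing catch-all rule: deny ANY service to ANY LAN resource")
    for i, r in enumerate(rules):
        if r.action != "allow":
            continue
        if deny_at is not None and i > deny_at:
            # Top-down evaluation: an allow placed after the catch-all deny never matches.
            findings.append(f"rule {i} ({r.comment}): unreachable, placed after the catch-all deny")
            continue
        # Each allow must name the application/service, the LAN resource and the port.
        wide_open = [f for f in ("service", "dest", "port") if getattr(r, f) == ANY]
        if wide_open:
            findings.append(f"rule {i} ({r.comment}): allow leaves {', '.join(wide_open)} unrestricted")
    return findings


# Constructed sample: what a small shop's inbound ruleset might look like.
SAMPLE_RULES = [
    Rule("allow", "https", "192.168.1.10", "443", "web portal on office server"),
    Rule("allow", ANY, "192.168.1.20", ANY, "remote access 'for convenience'"),
    Rule("deny", ANY, ANY, ANY, "default deny inbound"),
]

if __name__ == "__main__":
    for finding in audit_inbound(SAMPLE_RULES) or ["ruleset passes"]:
        print(finding)
```

Running it flags the second sample rule, which leaves service and port open, while the first rule and the final catch-all deny pass.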

I cannot afford the $59.99 yearly subscription for anti-virus software, so what am I supposed to do?

You really, really need to just go online and download and install a free antivirus program. Check with your internet service provider (ISP) to see if they offer free versions of antivirus software along with your internet service. Most of the larger ISPs do offer a free subscription just for using their internet services. If you log in to your online account, check to see if there’s something called “Data Tools” and see if the antivirus software download link is there for you to install. If they do not offer that as part of your service, that does NOT mean that you do not install antivirus software. Not having antivirus software running on your computer is just asking for trouble and will most likely end up costing you money in the long run with repairs due to virus/malware infections and the like. There is an article by PC Magazine that lists the best free antivirus solutions for 2015 and they have 98 different packages available. Some offer more features than others. Some offer more ads than others. Nonetheless, the link to the page is here (http://www.pcmag.com/article2/0,2817,2388652,00.asp) and you need to simply do some research and pick the one that you think will fit your needs best. I would recommend a product that also includes malware scanning and removal. Lots of the antivirus programs out there offer this as a feature.

My office still has Windows XP Professional running on three of the computers. Is this risky? I would rather not spend the money to upgrade if I don’t have to.

You need to unplug them from your network ASAP please. After 12 years of running great, XP came to an End of Life April 8th of 2014. That means for the most part, there are no updates being sent out from Microsoft to keep your systems patched as vulnerabilities are found. If you are a large shop, you have options of purchasing support and tailoring things to your needs a bit more. But for the smaller shop, it’s more fiscally prudent to upgrade. Realistically you’re looking at spending $199 to upgrade from Windows XP to a newer version. However, you can get a brand new desktop running Windows 8.1 for not much more than that. Amazon, Best Buy, and even stores like Walmart have desktops in the $200-$300 range that are all built with the newest technologies, hardware and software. If you think about it, the current desktop computer that you have is at least 5 years old, more likely closer to 7 or more. That’s the time that we look to possibly purchase new cars, we cycle through our cell phones every year or two…so why would we not make another investment in our company that will last for many more years to come?

I don’t have time to purchase and setup a proper backup for my computers and one of the computers is acting like a server. Money is tight so my options would be limited anyway, but time is even tighter. What should I do?

The easy button would be to purchase and set up an online backup solution like Carbonite (www.carbonite.com) or Mozy (www.mozy.com). There are others also; a link to reviews from PC Magazine is here: http://www.pcmag.com/article2/0,2817,2288745,00.asp.

The simpler way, without costing too much upfront, would be to go and purchase an external USB hard drive. Base the size off the total amount of storage that you need to back up, and then go with the largest drive you can afford. Plug that drive into your “server” or desktop and then simply set up Windows Backup, which is a built-in backup solution in the Windows Operating system. That solution will allow you to do a bare metal restore onto a new computer if you need to. It will also allow you to select the files and folder locations that you want to back up, how many copies of the backups to keep, and for how long. This basic solution is much better than doing nothing at all. A guide to setting up Windows Backup can be found here: http://windows.microsoft.com/en-us/windows/back-up-files#1TC=windows-7

As a lender, how are we supposed to produce 100% TRID compliant loans?

With the amount of detail that has to be double-checked and triple-checked, it is a challenge, but it can be done. First, understand that you can’t do it alone, so it requires everybody to work together in a collaborative manner. Lenders also need to understand the importance of working with title companies and understanding what their responsibilities are, and I think that’s very important.

Technology also plays a role, and the right technology can really help make things easier. In general, you can automate the ability to detect issues, or you can get people to just stare and compare. However, it’s important that you give the right people the right tools in order to really make their jobs easier; they can automate and compare the nuances of the pieces of data that have to be checked.

So, to produce compliant loans in today’s regulatory environment, it starts with identifying everyone who is involved in the transaction and knowing that they are supposed to be there. Then, getting consensus from those individuals on the proper pieces of information. Finally, making sure that there’s a really good audit trail in place so that when there are questions or the defense has to be made, you are able to go back and prove that you’ve done the things you’re supposed to do.

Answered By: Wes Miller
