PCI DSS

The legalization of recreational and medical marijuana in many states and countries around the world has made the global marijuana market one of the fastest-growing industries. According to a recent report by the Grand View Research, Inc., the global legal marijuana market will grow to $66.3 billion by 2025.

Cannabis is being widely used as a pharmaceutical product. It is said to be effective in treating severe medical conditions like arthritis, cancer, and Parkinson’s disease. This has contributed to the increased demand for medicinal marijuana.

Moreover, recreational marijuana or the use of cannabis without medical justification is being legalized in many states and countries. In the United States, 11 states and the District of Columbia have legalized the recreational use of cannabis among adults. Countries like Canada, Belize, Jamaica, Argentina, and the Netherlands have also decriminalized the use of marijuana.

All these developments point to the expansion of the cannabis industry in the years to come. Marijuana dispensaries can maximize their growth potential by complying with the Payment Card Industry Data Security Standard (PCI DSS), an information security standard for payment processing. Cashless ATM or point of sale (POS) banking is considered a viable and important platform for marijuana dispensaries to grow their sales. With POS banking, online cannabis dispensaries can accept purchases from customers who use their credit and debit cards.

The cannabis industry has been booming recently due in part to legalization legislation that has helped to alleviate barriers to market entry. Recent trends tell us that the cannabis marketplace is projected to grow at a staggering rate from $10.3 billion in 2018 to $39.4 billion by 2023. With more and more states opening up their borders for marijuana, many businesses are looking to technology to manage this increase in customers.

As of November 2018, 10 states have legalized recreational cannabis while 33 have approved it for medical uses. As more states are opening their borders to legal cannabis, business owners are beginning to become more digital in their endeavors thanks to this newfound legalization. But digitization isn’t all good if you don’t have a cybersecurity plan to protect your data.

Brands that are able to infuse innovative technology into their network infrastructure can use it to analyze and predict valuable consumer trends that will enable them to make critical decisions in the future. Having a cybersecurity plan in place to supplement this type of innovative undertaking is what will help your cannabis business thrive. Let’s look into the specific areas of interest that you should be focusing on when cultivating your cybersecurity plan and which proactive measures you need to take to avoid being a victim of a cyber-attack.

Need for Payment Cardholder Data Protection

There have been 2,216 confirmed data breaches in 2018. 76% of breaches were financially motivated. Cybercriminals are increasingly becoming more sophisticated. Data breach preparedness among the companies are at an alltime high. 324 data breaches involved stealing credit card data at the Point of Sale (POS) where card-present retail transactions are conducted. 414 credit card data breaches involved targeting payment web applications.

There’s one common security vulnerability leading to these payment cardholder data breaches at the POS and within web applications: Lack of payment cardholder data encryption.

PCI Point to Point Data Encryption (P2PE) to the rescue!

When it comes to ensuring that only authorized personnel are allowed into systems remotely, one of the best ways is to use a token. When it comes to keeping Credit Card Holder Data protected, one of the best solutions is tokenization. Many options exist for token use as well as for tokenization. We will discuss the basics of tokens, tokenization, and token service providers (TSPs) below.

The Payment Card Industry Security Standards Council (PCI SSC) releases regular updates to existing programs and creates new programs on an ongoing basis as security needs change. Staying abreast of the changes to PCI programs is essential to maintaining PCI compliance over time. Understanding what new programs are being created and how those programs might affect your operations is also important, as the creation of new PCI programs can impact security implementations in a variety of ways.

Protecting payment card data is essential in all environments, including when card data is taken over the telephone. Areas of organizations that interact with sensitive data in a telephone-based environment are particularly susceptible to fraud or theft of cardholder data. As such, protecting telephone-based payment card data is essential for all businesses that conduct transactions over the phone.

The act of storing primary account numbers (PANs) has already had a profound effect on network security for a plethora of organizations.  Massive data breaches have ensued over the years based on companies choosing to store PANs on their servers for ease of access.

Many companies who have been inflicted by a data breach use this excuse of consumer convenience in their choice to store PAN data on their network.  These companies who use this excuse also are not Payment Card Industry Data Security Standard (PCI DSS) compliant as the PCI DSS requires that merchants never store track data, for any reason.