Are you worried about backups and data security? If you’re using cloud-based facility management software, your data is being stored on secure, private servers, which are far more secure than storing data in-house on your facility’s computers or in filing cabinets in your office. But in a business where you’re constantly handling customers’ sensitive data and cardholder information, you’ll want to double-check to ensure you’re working with a technology provider that’s up to par on PCI security standards and ahead of the curve when it comes to hacking and phishing trends.

Read on to find out what the heck PCI stands for and what it means to you as a business owner, and learn how to evaluate your self storage software to ensure you’re managing your data and customers’ data safely and securely.

What is PCI compliance?

PCI stands for Payment Card Industry. The PCI data security standards are a set of regulations that ensure that all companies that accept, store, process, and transmit customers’ credit card information during a credit card transaction can do so safely and securely.

This means that any self storage software program, point of sale (POS) system, or facility management software platform that accepts credit card payments must follow PCI regulations to protect users (like self storage businesses) and their customers (tenants) against data breaches. The data security standards set by PCI range from encrypting tenants’ card data in the facility management software to creating in-office security policies at the software provider’s headquarters. These policies protect the data of both self storage businesses and tenants, and they hold software providers accountable for their claims that their POS technology is safe and secure.

These standards were first launched in 2006, and they’re updated frequently to stay ahead of the latest security threats and data hacking trends.

How does PCI compliance protect my in-software data?

By complying with PCI data security standards, your facility management software provider is able to stay up to date with the latest standards for data security and protect your business’s data from hackers. Software providers comply with PCI standards to ensure their customers’ data is always safe. The PCI compliance framework helps establish a more secure environment and protects your in-software data.

The bottom line: when it comes to security of your customers’ credit card information and your business’s financial data, you can never be too careful. By working with a software provider that complies with PCI standards and goes above and beyond minimum requirements to create a hyper-secure environment, you’ll ensure your data is guarded against hackers online.

Why is security important for my self storage business?

It’s pretty simple: customers don’t want to give their credit card information to a business they don’t trust, and in order to trust the business, they must trust the security of its POS system as well. Remember the major data breaches of the recent past? Equifax’s giant 2017 credit card data breach exposed many consumers’ social security numbers, birth dates, addresses, credit card data, and driver’s license numbers to hackers online, hitting the wallets of approximately 143 million consumers. Target’s record-breaking 2013 data breach cost them $18.5M and they lost tens of thousands of customers. If you think those customers are planning on trusting Target with their sensitive cardholder data in the future, think again. Even a small data breach will cost you for years to come - you’ll lose those customers for life.

Besides protecting your self storage tenants, PCI compliance also protects your business’s in-software data. You certainly wouldn’t want to lose your historical economic occupancy reports and rate management data, and you definitely wouldn’t want it to get in the hands of hackers who can use it to extort money from you or hand it off to your competitors. PCI compliance is a win-win for both brands and customers: you’ll protect your customers’ cardholder data from hackers and ensure your business’s confidential data is also kept safe.


How to evaluate your facility management software security features

So how do you know if your self storage software provider is following PCI data security standards? They may have a press release about their security compliance or include information about it on their website, or you can reach out to them for more information on their software’s security standards.

When evaluating your current software or looking at a new facility management software, ask yourself the following:

Is credit card or bank account information being stored in the software?

  • Tenant credit card or bank account information should not be stored in the software. The process should work like this: when sensitive payment information is entered in a tenant’s account, the information is immediately encrypted before being sent to the credit card processing company. From there, the credit card information is securely stored by the credit card processing company using advanced encryption processes. At this point, the credit card processing company will then return a “card accepted” or “card declined” message to your software. Your software should take this information from the card processing company, record and display the “accepted” or “declined” message to your users along with the last four digits of the card or bank account for user reference.

Are credit cards masked in the system?

  • Your software should have settings that allow you to hide credit card numbers as you enter them. As each number is entered into the payment screen, within one second the number should turn to an asterisk (*). This is a standard tool for credit card masking when entering payment information online.

Does the software have permissions around user logins and password resets?

  • Each user of your software should have unique login credentials. User passwords should be required to be at least eight characters long and not match previous passwords.
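A sketch of how software can enforce both password rules without ever keeping old passwords in readable form (added example, not any vendor's code). The history depth and PBKDF2 work factor are assumptions chosen for illustration; the eight-character minimum comes from the checklist item above.

```python
import hashlib
import hmac
import os

MIN_LENGTH = 8           # minimum length from the checklist item above
HISTORY_DEPTH = 4        # assumption: number of previous passwords remembered
PBKDF2_ROUNDS = 100_000  # assumption: work factor, tune for your hardware


def derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def hash_password(password: str):
    """Return (salt, digest); only this pair is stored, never the password."""
    salt = os.urandom(16)
    return salt, derive(password, salt)


def matches(password: str, entry) -> bool:
    # Each stored entry has its own salt, so the candidate is re-derived per entry
    # and compared in constant time.
    salt, digest = entry
    return hmac.compare_digest(derive(password, salt), digest)


def check_new_password(candidate: str, history) -> list:
    """Return the list of policy violations; an empty list means acceptable."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("too_short")
    if any(matches(candidate, entry) for entry in history):
        problems.append("reused")
    return problems


def change_password(candidate: str, history):
    """Return (accepted, problems, new_history); history is newest first."""
    problems = check_new_password(candidate, history)
    if problems:
        return False, problems, history
    new_history = ([hash_password(candidate)] + list(history))[:HISTORY_DEPTH]
    return True, [], new_history


if __name__ == "__main__":
    ok, _, history = change_password("correct-horse-1", [])
    print("first set accepted:", ok)
    print("reuse attempt:", change_password("correct-horse-1", history)[1])
```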

Does the software have password verification around certain actions in the software?

  • Your software should have options that allow you to enable password verification when processing sensitive actions such as adjusting rental rates, issuing credits, waiving fees, adjusting gate access hours, and resetting user passwords. User passwords should also be masked in the software at all times.

Does the software have advanced user management and permissions?

If you process rentals or payments online, does your payment portal have a current SSL certificate?

  • An SSL certificate is required for PCI compliance - it protects your tenants from online card phishing scams.

Are tenant passwords masked in the system?

  • Many of your tenants may want to pay online or set up autopay for their rent payment. To do this, they’ll need to create an account and set up a secure login and password to pay online. These tenant passwords should be masked and encrypted at all times (whether in-software or during a “forgot your password” email exchange) in order to protect tenants’ sensitive cardholder data.

Are emailed reports password protected?

  • New trends in phishing suggest that scheduled reports (like the kind that are emailed to user accounts) be hidden behind a login, requiring users to enter their secure password to see facility or corporate reports so that only authorized users have access to reports.

When handling customer data, you can never be too careful. Ensure that your software provider goes above and beyond PCI compliance by staying on top of all data security and phishing trends, frequently rolling out security updates, and informing owners and managers of updated security measures.
