What is PCI Compliance?

PCI compliance, or PCI DSS concerns the implementation of Payment Card Industry Data Security Standard

PCI compliance, a set of comprehensive requirements for enhancing payment account data security, was developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. Inc. International, to help facilitate the broad adoption of consistent data security measures on a global basis.

PCI DSS compliance is a multifaceted security standard that includes requirements for security management, policies, procedures, network.

3-Step PCI Compliance Process

PCI compliance follows common-sense steps that mirror security best practices. There are three steps for adhering to the PCI DSS – which is not a single event, but a continuous, ongoing process.

  • Assess

Identify cardholder data, take an inventory of your IT assets and business processes for payment card processing, and analyze them for vulnerabilities that could expose card holder data.

  • Remediate

Fix vulnerabilities and do not store cardholder data unless you need it.

  • Report

Compile and submit required remediation validation records (if applicable), and submit compliance reports to the acquiring bank and card brands you do business with.

Why Comply? - A Return On Investment

Why should merchants comply with the PCI DSS Security Standard? At first glance it may seem like a lot of effort, and confusing for smaller businesses. But not only is PCI compliance becoming increasingly necessary for online transactions, it may not be the headache you expected.PCI Compliance with data security standards can bring major benefits to businesses of all sizes, while failure to comply can have serious and long-term negative consequences.

Here are some reasons why...

  • Compliance with the PCI DSS means that your SYSTEMS ARE SECURE, and customers can trust you with their sensitive payment card information.
  • TRUST means your customers have confidence in doing business with you;
  • CONFIDENT CUSTOMERS are more likely to be repeat customers, and to recommend you to others
  • PCI Compliance IMPROVES YOUR CORPORATE REPUTATION with acquirers and payment brands -- the partners you need in order to do business;
  • Compliance is an ongoing process, not a one-time event. It helps to PREVENT SECURITY BREACHES AND THEFT of payment card data, not just today, but in the future:

As data compromise becomes ever more sophisticated, it becomes ever more difficult for an individual merchant to stay ahead of the threats

The PCI Security Standards Council is constantly working to monitor threats and improve the industry’s means of dealing with them, through enhancements to PCI Security Standards and by the training of security professionals

When you stay compliant, you are part of the solution – a united, global response to fighting payment card data compromise

PCI compliance has indirect benefits as well:

  • Through your efforts to comply with PCI DSS Security Standards, you are likely be better prepared to comply with other regulations as they come along, such as HIPAA, SOX, etc.
  • You will have a basis for a corporate security strategy
  • You will likely identify ways to improve the efficiency of your IT infrastructure

Equally, if you are not compliant, this could be disastrous for your business:

  • Compromised data negatively affects consumers, merchants, and financial institutions.
  • Just one incident can severely damage your reputation and your ability to conduct business effectively, far into the future.
  • Account data breaches can lead to catastrophic loss of sales, relationships and standing in your community, and depressed share price if yours is a public company

Possible negative consequences also include:

  • Lawsuits
  • Insurance claims
  • Cancelled accounts
  • Payment card issuer fines
  • Government fines

Remember that the UK Information Commissioner can now fine companies up to £0.5 million for a serious breach of data protection. Fines look likely to increase with the new EU Data Protection regulation which is expected end 2015.

You have worked hard to build your business – make sure you continue your success by securing your customers’ payment card data. Your customers depend on you to keep their information safe – repay their trust with compliance to the PCI-DSS Security Standards.