Online transactions have become commonplace for companies across every line of industry. With the rapid growth in acceptance of online payments, many companies underestimate, or are not even aware of, the requirements for maintaining Payment Card Information (PCI) Data Security Standard (DSS) compliance.
What is PCI-DSS?
Payment Card Information (PCI) Data Security Standard (DSS) is a security standard developed and maintained by the PCI Security Standards Council (PCI SSC), a global forum in which payment industry stakeholders develop and drive the adoption of data security standards and resources for safe payments worldwide. The primary purpose of PCI-DSS is to assist in securing the payment card network.
Storing your own data is a necessity, but it carries risk. Storing third-party data brings on a whole new dimension of risk, one that requires its own assessment and treatment. Data breaches are a regular occurrence to which we have become desensitized. In light of this, the need for PCI compliance has never been more pressing.
What are the 12 requirements of PCI DSS?
We know, hearing that there are 12 requirements sounds daunting. Dive into the list, though, and you will likely find that your company is already complying with some of them without knowing it. The list below can also serve as a starting point for a self-assessment.
- Install and maintain a firewall configuration to protect cardholder data
- Configure unique passwords and settings. Do not use vendor-supplied defaults for system passwords and other security parameters
- Protect stored cardholder data
- Encrypt transmission of cardholder data across open, public networks
- Use anti-virus software or programs
- Develop and maintain secure systems and applications
- Restrict access to cardholder data by business need to know
- Assign a unique ID to each person with computer access
- Restrict physical access to cardholder data
- Track all access to network resources and cardholder data
- Test security systems and processes. Conduct vulnerability scans and penetration tests
- Maintain a policy that addresses information security for all personnel. Ongoing documentation and risk assessment are a must!
What if Our Organization is Non-Compliant?
If your organization is not in compliance with the PCI-DSS standards, you could be looking at trouble. The consequences of non-compliance are governed by the Payment Card Agreement (PCA) you have in force with the credit card company. In addition, non-compliance can result in penalties: the credit card companies impose fines ranging from $5,000 to $100,000 per month.
Next Steps
Meeting these requirements ensures your compliance, and it also protects the company and its client base. Separate yourself from the competition and give your clients peace of mind by being able to stand behind PCI-compliant practices. Contact one of our Risk Advisors to begin taking steps towards PCI DSS compliance and peace of mind.