Are You PCI Compliant? It’s Mandatory.
Since 2005, there have been more than one billion stolen records in over 2,000 separate incidents. In most cases, thieves were seeking payment card data. Clearly, it is imperative that businesses do all they can to protect their merchant credit card processing and payment systems from fraud.
If you think your business is too small for thieves to target, think again. Small businesses are now seen as easy targets. A Visa analysis found that small merchants accounted for more than 80 percent of data security breaches. A breach can cost over $200 per compromised record and can expose your business to chargebacks, fines from banks or regulators, and loss of your customers' trust.
What is PCI DSS?
PCI DSS, the Payment Card Industry Data Security Standard, was created by the major credit card companies to prevent fraud. This standard has been around for several years and it works. Between 2005 and 2011, only four percent of all breached organizations were PCI compliant at the time of their data breach, proving that those businesses that take steps to become compliant do prevent fraud.
What Happens if I Don’t Become PCI Compliant?
The object of becoming compliant with PCI security standards is to help protect sensitive cardholder data from thieves. If your business fails to become PCI compliant, you could be putting your business at greater risk from the growing threat of payment card data breaches and theft, which may result in substantial penalties (such as fines from banks, regulatory agencies, and card organizations), fraud, and chargebacks, as well as legal costs and lost customers.
Additionally, if you fail to become PCI DSS compliant, or to report your PCI DSS-compliant status via a third-party vendor to your merchant processing services provider, you may also be charged a monthly fee until you do so.
If your business experiences a data security breach, you could even lose your ability to process credit card payments. Perhaps more importantly, you risk the loss of customers. Research shows that 43 percent of customers who have been victims of fraud stop doing business with the merchant where the fraud occurred.
How Can I Become PCI Compliant?
You will need to complete the following two items, which you can start via the Become PCI Compliant link at the bottom of this page:
A self-assessment questionnaire
A vulnerability scan
Depending on the complexity of your network, you could be done in less than 30 minutes.
You should also take the following important steps toward maintaining your PCI compliance and maximizing your protection against any outside breaches:
1. Build and maintain a secure network
Install and maintain a firewall configuration to protect cardholder data.
Do not use vendor-supplied defaults for system passwords and other security parameters.
2. Protect cardholder data
Protect stored cardholder data.
Encrypt transmission of cardholder data across open, public networks.
3. Maintain a vulnerability management program
Use and regularly update anti-virus software.
Develop and maintain secure systems and applications.
4. Implement strong access control measures
Restrict access to cardholder data by business need-to-know.
Assign a unique ID to each person with computer access.
Restrict physical access to cardholder data.
5. Regularly monitor and test networks
Track and monitor all access to network resources and cardholder data.
Regularly test security systems and processes.
6. Maintain an information security policy
Maintain a policy that addresses information security.