PCI DSS stands for Payment Card Industry Data Security Standard. It was developed by the PCI Security Standards Council to help organizations that handle card payments reduce card fraud and the data breaches that feed it. It applies to every merchant and service provider that stores, processes or transmits cardholder data, whether the card is swiped in a brick-and-mortar store or typed into a website, and whether the data sits in a database, passes through a web application, or is handled offline.
The PCI Security Standards Council was formed by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. in 2006. The council was formed to take a more public stance on how card data should be protected and shared, and to better educate the public. Since its inception it has published successive, stricter revisions of the standard.
You may have heard about PCI DSS before but not know what it is or why you need to comply. You may know some of the basics but need to understand what PCI compliance entails and how it affects you as a business owner. Finally, you might be looking for information on how to achieve compliance and maintain it in order to protect your customers and your company.
What is PCI Compliance?
PCI DSS stands for the Payment Card Industry Data Security Standard. It sets the baseline of security controls for any organization that stores, processes or transmits payment card data. The name itself tells you who it affects (the payment card industry, meaning anyone who accepts or handles card payments) and what it governs (the security of cardholder data).
PCI DSS consists of 12 requirements grouped under six goals: build and maintain a secure network and systems, protect cardholder data, maintain a vulnerability management program, implement strong access control measures, regularly monitor and test networks, and maintain an information security policy. Together they are meant to keep cardholder data protected at every point where you handle it.
Why do I need to be PCI Compliant?
The PCI Security Standards Council was formed to take a more public stance on how card data should be protected and shared, and it maintains the standard that merchants and service providers are expected to follow. The council itself does not enforce compliance: the card brands and your acquiring bank do, through the merchant agreement you sign in order to accept cards. As a business owner it is your responsibility to meet the requirements and protect your customers.
Being PCI compliant is crucial, especially if you handle large volumes of card data on a regular basis. The standard is revised periodically, so companies need to track the current version and its requirements to keep customers safe. Failing to comply can lead to substantial fines from the card brands or loss of the ability to accept card payments, and a breach that becomes public causes both financial and reputational damage.
How does PCI DSS work?
The Payment Card Industry Data Security Standard covers every system that stores, processes or transmits cardholder data, and every system connected to it. Whether you run an ecommerce site or a brick-and-mortar store, the same 12 requirements apply:
- Install and maintain a firewall configuration to protect cardholder data
- Do not use vendor-supplied defaults for system passwords and other security parameters
- Protect stored cardholder data (and do not store sensitive authentication data such as the full magnetic stripe or CVV after authorization)
- Encrypt transmission of cardholder data across open, public networks
- Protect all systems against malware and regularly update anti-virus software
- Develop and maintain secure systems and applications
- Restrict access to cardholder data by business need-to-know (the principle of least privilege)
- Identify and authenticate access to system components (a unique ID for each person, never shared or group accounts)
- Restrict physical access to cardholder data
- Track and monitor all access to network resources and cardholder data
- Regularly test security systems and processes (vulnerability scanning and penetration testing)
- Maintain a policy that addresses information security for all personnel
PCI DSS is revised periodically, most recently at the time of writing with version 3.2, which tightened several requirements. This means that you need to keep an eye not only on the list of requirements but on the changes between versions, and make sure your company is working from the current one. The council also publishes minor revisions and clarifications between major versions, so check the current version on the council's site rather than relying on an older copy of the requirements.
The Payment Card Industry Data Security Standard is one that every business handling card transactions needs to become familiar with, especially if you are not sure whether your business is already compliant.
Failing to meet PCI compliance can hurt your company in several ways, from fines and the loss of card acceptance to the breach itself. Being PCI compliant means you are doing everything within your control to protect card payment information and keep your customers and their data safe.