PCI-DSS Compliance Is Crucial
These days, credit card breaches happen on a regular basis. Credit card users are generally protected by banks and credit card companies, but for added protection, companies such as LifeLock are becoming a necessity. The individual business owner is also at risk and vulnerable.
Did you know that your business needs protection?
What Is PCI-DSS?
PCI = Payment Card Industry. PCI is regulated by the Treasury Department and overseen by the Payment Card Industry Security Standards Council (PCI-SSC), which was formed in 2010 to develop compliance standards.
PCI-DSS = Payment Card Industry Data Security Standard, the standard developed by the PCI Security Standards Council.
PCI-DSS Is Also The Responsibility Of The Merchant:
All merchants are required to meet the Annual PCI Security Awareness Training Requirement:
PCI-DSS 3.0 requirement 12.6 mandates the implementation of a formal security awareness program and requires that employee PCI security awareness training, including for new hires, be provided and documented annually. Many third-party providers offer reasonably priced training and certification courses to the merchant industry.
There Are Many Myths About PCI Compliance:
- “It doesn’t apply to my business.”
- “I’m already PCI compliant.”
- “I have a firewall in place so I’m compliant.”
- “My (bank, card processor, etc.) has me covered.”
Merchants who cannot demonstrate compliance must cover breach costs and fines, and may have to reimburse the bank or institution for the monetary loss. But if a merchant CAN demonstrate compliance, the bank covers breach costs.
Did you know that 96% of all breached businesses are not PCI Compliant? 80% of them went out of business because of:
- Loss of processing credit cards for an extended period
- Stiff fines associated with non-compliance levied by the Treasury Department
- The bank or credit card company was not obligated to reimburse them for losses
How Do Businesses Become Compliant?
Each employee must be certified by passing an authorized course administered by a certified agency. Documentation is sent to the business to prove compliance in case of a breach. If a business gathers credit card information on its customers, its networks must be audited every year by a certified auditor and found “bulletproof” under current compliance standards. Most compliance agencies offer an online certification course for each employee. A compliance certificate is then provided to the business as proof in case of a breach.
Get Compliant
If you process, transmit, or store cardholder data (credit, debit, prepaid, stored value, gift, or chip), then your organization must follow the Payment Card Industry Data Security Standard (PCI-DSS). If you use a third party to process, store, or transmit payment information, it is your responsibility to confirm that the provider is PCI-DSS compliant.
PCI DSS provides an actionable 12-step framework to develop a robust account data security process, including prevention, detection, and response to security incidents.
A qualified security assessor, certified by the PCI Security Standards Council, is also required to validate your network firewall protocols for the payment card brands, including Visa, MasterCard, Discover and many others. Validation is an annual requirement for organizations with large merchant transaction volumes, and a must for organizations of any size with a network and processing hub, in order to avoid additional penalties if a security breach occurs.
Resources
Quick 3-Question Merchant PCI Audit
NEW PCI COMPLIANCE STANDARDS COMING (See Video)
PCI Security Standards Council
2012 Data Breach Investigations Report