In recent years, data breaches at major companies such as Target and Equifax have made headlines. These data breaches put customers that entrust these companies with their data at risk, but also put the reputation of these companies on the line. In many of these cases, the data breaches were completely preventable and we can learn from these catastrophic security lapses.
To learn more about the Equifax Security Breach, read our previous Insights on the topic.
In 2006, five major credit card brands (Visa, Mastercard, American Express, JCB, and Discover) formed the Payment Card Industry Security Standards Council. The goal of the PCI Security Standards Council is to have a single comprehensive compliance program that standardizes data security. The standards establish how credit card payment information is stored, processed, captured, and sent.
In order to be PCI DSS compliant there are 12 general requirements:
1. Install and maintain a firewall configuration to protect cardholder data
2. Do not use vendor-supplied defaults for system passwords and other security parameters
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks
5. Use and regularly update anti-virus software or programs
6. Develop and maintain secure systems and applications
7. Restrict access to cardholder data by business need to know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
12. Maintain a policy that addresses information security for all personnel
(source: https://www.pcisecuritystandards.org)
Aside from the fact that being PCI compliant is a good business practice, why else should you be PCI compliant? The answer is that if you are processing any kind of payments with credit cards, PCI compliance is mandatory. In addition to the possibility of enormous data breaches, as with Target and Equifax, lack of PCI compliance can lead to fines from credit card brands and lawsuits from various sources.
In order to become PCI compliant, it is important to consult the PCI Security Standards website and their informational PCI DSS Quick Reference Guide. Creating your own PCI compliant security standards within your business is a great first step but it is also important to work with a payment processor who can help to educate and guide you through the PCI compliance process.
PCI Compliance Levels:
Level 1: Merchants processing over 6 million transactions annually across all channels
Level 2: Merchants processing between 1 million and 6 million transactions annually across all channels
Level 3: Merchants processing between 20,000 and 1 million e-commerce transactions annually
Level 4: Merchants processing fewer than 20,000 e-commerce transactions annually, and all other merchants processing up to 1 million transactions annually
Becoming PCI compliant ensures the health and wellness of your business as well as the safety of your customers.
Work with a PCI compliant payment processor that puts the security of your business first. Apply today!