We are hearing the word “compliance” more often lately as reports of data breaches at merchants like TJX, parent of TJMaxx, and payment processors Heartland Payment Systems and RBS WorldPay have resulted in millions of stolen credit card records. According to the 2009 Verizon Business Data Breach Report, more than 80% of the data stolen in breaches is payment card data.
Smaller companies make the mistake of failing to comply with security standards. It seems that it takes a lot of effort to comply, with confusing and overwhelming requirements to process. But not only is compliance becoming increasingly important, it is also not as much of a challenge as one might expect.
Meeting Compliance Standards
If you are in a business that stores credit card information or processes online payments, compliance is all the more a strict requirement. PCI Security Standards are technical and operational requirements set by the PCI Security Standards Council (PCI SSC) to protect cardholder data. The standards apply to all organizations that store, process or transmit cardholder data – with guidance for software developers and manufacturers of applications and devices used in those transactions.
Bob Russo, general manager of the PCI Security Standards Council, explains three security standards that businesses need to comply with to be deemed secure and compliant depending on their operation.
Payment Card Industry (PCI) Data Security Standard
It’s a set of 12 specific requirements that cover six different goals. It tells you how to become secure. A few of the goals are to build and maintain a secure network, protect cardholder data, and regularly monitor and test the networks. This standard covers everything from physical security to logical security.
Payment Application Data Security Standard (PADSS)
These are for payment applications a merchant would buy off the shelf. Examples of these are credit card payment terminals located in malls or restaurants.
PIN Transaction System (PTS)
Any time you enter a PIN, this standard takes effect. Devices such as payment terminals at gas stations, ticket kiosks, and transit systems that allow you to swipe your debit card to pay and require you to enter your PIN need to be certified to this standard.
All businesses that store, process or transmit payment cardholder data must be PCI Compliant.
Compliance with security standards can bring major and long-term benefits to businesses, big or small, while failure to comply can have serious negative consequences.
Repay Customer Trust with Compliance
Your customers depend on you to keep their information safe – repay their trust with compliance to security standards. You wouldn’t want to lose customer trust after all the hard work you’ve put into making your business, would you?
While it is true that it helps prevent security breaches and theft of payment card data, remember that cybercrime is constantly evolving and attacks are becoming more vicious. Continuous compliance testing and monitoring is crucial. Compliance is an ongoing process, not a one-time event. When your business stays complia