In an age where we in a lot of countries can declare that cash is no longer king, ensuring the secure handling of cardholder data has become increasingly important. A critical part in this has been the establishment of PCI DSS. So, what is PCI DSS and how does the security standard protect card payments? Find out below.
What is PCI DSS?
PCI DSS stands for Payment Card Industry Data Security Standard, and is a worldwide security standard intended to improve the security of card data. It applies to all businesses that store, transmit and process cardholder data. PCI DSS can be divided into 12 requirements, which in turn can be divided into 250 controls. PCI compliance means that your business adheres to the requirements in PCI DSS.
The 12 PCI DSS requirements for compliance
- Install and maintain a firewall configuration to protect cardholder data
- Do not use vendor-supplied defaults for system passwords and other security parameters
- Protect stored cardholder data
- Encrypt transmission of cardholder data across open, public networks
- Protect all systems against malware and regularly update antivirus software or programs
- Develop and maintain secure systems and applications
- Restrict access to cardholder data by business need-to-know
- Identify and authenticate access to system components
- Restrict physical access to cardholder data
- Track and monitor all access to network resources and cardholder data
- Regularly test security systems and processes
- Maintain a policy that addresses information security for all personnel
Who is behind PCI DSS?
The PCI standard was created in 2004 by credit card companies Visa, MasterCard, American express, Discover and JCB, with the intention of ensuring that merchants handling credit card data meet a level of security, and to prevent fraud and misuse of information.
Why is PCI compliance important?
There are many reasons as to why PCI compliance is needed. Most importantly is that PCI compliance prevents data breaches and sensitive information from being misused by cybercriminals. By following PCI DSS, you as a business are doing your absolute best to protect your customers and their personal data. It’s a stamp of security and helps you earn both trust and credibility, which is good for business!
What happens if your company is not PCI DSS compliant?
Non-compliance with PCI DSS can put your company at risk. Firstly, you might become liable to non-compliance fines and your acquirer may prevent you from accepting card payments.
Since PCI DSS compliance is very much correlated with security, non-compliance puts your company at risk for cyber crime and data compromises. Your customer’s data, such as card information as well as personal information, may then become subject to fraudulent use.