PCI DSS, or Payment Card Industry Data Security Standard, is a set of technology security standards designed to protect consumer payment information. Any retail or wholesale establishment that processes, transmits, or stores consumer credit card information is responsible for keeping that financial information safe.
The History of PCI Compliance
These merchant security standards were implemented on September 7, 2006. According to the PCI Compliance Guide, these standards were set to “manage the ongoing evolution of the Payment Card Industry… with focus on improving payment account security throughout the transaction process.”
As new technologies change the dynamics of payment processing, the safeguards will have to change with them. PCI DSS was implemented to protect consumer financial information at every stage of the transaction process, including the collection, modification, and retrieval of all financial data.
Currently, many businesses, especially SMBs, are struggling to meet compliance standards. In fact, a Verizon enterprise report found that “More than 82% were compliant with only about eight in 10 PCI DSS requirements at the time of their annual assessments and needed an additional three months or so to close the gaps.”
Why Should Your Business be PCI Compliant?
The official PCI Security Standards Council website breaks down the security responsibilities for merchants:
- Protect cardholder/consumer data
- Maintain vulnerability management programs and software
- Implement strong access control and privileged user access
- Monitor and test networks at regular intervals
- Maintain and enforce information security policies
In light of the 2014 mega-breaches at merchant giants like Target, Neiman Marcus, and Home Depot, customers are warier of trusting their credit card information to retailers. Being PCI compliant is a promise to your customers to protect their data.
Take an unofficial self-assessment to gauge your PCI compliance potential. The combination of technology tools and common-sense financial measures can go a long way in helping your business achieve its security goals.
- Assess what type of data your customers share with you. Are you storing credit card information only? Or do you also have demographic information?
- What credit cards does your organization accept? Each major credit card provider has its own compliance program, though many elements overlap. You may be optimized for compliance with American Express, but you may be missing a few elements for Mastercard.
- Take inventory of your IT resources. Do you already have a security partner? Do you know your own technology vulnerabilities?
- Are you confident in the security of your POS provider?
Ultimately, attaining PCI compliance comes down to combining common-sense security practices with enterprise security technology.
Explore Technology Security Strategy with Centre Technologies
Do you need to plan and implement a security strategy for your business? Learn more about enterprise security technology and strategy: contact Centre Technologies today.