Closed to Risk, Open for Business: Is your business PCI compliant?

What is PCI DSS and does it apply to my business?


The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment. Essentially, these standards apply to any merchant that has a Merchant ID (MID). So if any customer of your organisation ever pays directly using a credit/debit card, then the PCI DSS requirements apply to you.

I have data encryption... am I compliant?

Do you think your business is PCI compliant because the cardholder data you store in your Point of Sale (POS) system is encrypted? Not so. Encryption of credit card data is only 1 of the 12 core requirements for safeguarding your customers' credit card information and maintaining your reputation. Another is "vaulting", or segregating the cardholder data from the rest of your network so that a compromise elsewhere cannot reach it. How many businesses can truly state that they have this in place?

In order to be PCI compliant you must implement all the requirements of the PCI Security Standards Council, and actively and regularly reassess your adherence to these requirements.

What happens if you don’t comply?

The payment brands may, at their discretion, fine an acquiring bank 5,000 USD to 100,000 USD per month for PCI compliance violations. The bank will most likely pass this fine on until it eventually reaches the merchant. Furthermore, the bank will also most likely either terminate your relationship or increase your transaction fees. Penalties are not openly discussed nor widely publicised, but they can be catastrophic to a small business. This is not to mention the repercussions for your business in terms of lost customers and damaged reputation.

How can you become PCI compliant?

With our industry experience in this area, Systemnet can assist you with your remediation efforts to achieve compliance and prepare for an external PCI audit by a Qualified Security Assessor (QSA). For more information on PCI DSS, visit www.pcisecuritystandards.org

Why not contact us now for a no obligation discussion on how we can help you achieve PCI compliance!


Posted by Systemnet

December 6, 2013
