What you don’t know about PCI compliance can cost you.
Experts report that credit card fraud costs businesses billions of dollars each year in the United States alone. Protecting customer data and payment information should be a top priority for any merchant.
According to Verizon's Payment Security Report, only 39.7% of companies in the US were fully PCI compliant when assessed. The report also found a correlation between companies that experienced a data breach and missing PCI DSS controls. In short: the breached companies it examined had not kept all of the requirements in place.
PCI DSS is an industry standard enforced by contract, not a law, but its controls overlap substantially with what data protection and privacy laws such as the General Data Protection Regulation (GDPR) require. It represents good data security practice for any business to follow, regardless of its size.
What is PCI compliance?
PCI compliance means meeting the Payment Card Industry Data Security Standard (PCI DSS), a set of requirements for any organization that stores, processes, or transmits cardholder data. The major card brands (Visa, Mastercard, American Express, Discover, and JCB) founded the PCI Security Standards Council in 2006 to maintain the standard and protect card data from theft and fraud.
Non-compliance fines are contractual: the card brands assess them against the acquiring bank, which passes them on to the merchant. Commonly cited amounts range from $5,000 to $100,000 per month, depending on the size of your business and the length and degree of non-compliance. Fines are assessed monthly, rising over time, until your business is compliant.
That kind of fine is manageable for a big chain merchant, but it could easily put a small business into bankruptcy.
However, these fines are small in comparison to the credit monitoring fees, lawsuits, and state and federal enforcement actions that follow a breach. For example, the total cost of Target's 2013 breach, in which attackers stole roughly 40 million card numbers, exceeded $200 million, including an $18.5 million settlement reached in 2017 with 47 state attorneys general and the District of Columbia.
PCI DSS is the roadmap for becoming PCI compliant. It consists of 12 requirements grouped under six control objectives:
- Build and maintain a secure network and systems
- Protect cardholder data
- Maintain a vulnerability management program
- Implement strong access control measures
- Regularly monitor and test networks
- Maintain an information security policy
Maintaining PCI Protections with Hosted Solutions
In order to maintain PCI compliance, your business must also engage with PCI compliant credit card processors and banks. The data you protect only matters if that data remains protected across the entire transaction life cycle.
The first step is to employ good data security practices within your organization and to conduct regular internal audits and monitoring of the cardholder data you hold. Here are some specific controls that will help protect it:
- Discover and classify sensitive data
- Map data and permissions
- Manage access control
- Monitor data, file activity, and user behavior
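The first control on that list, discovering where card data lives, is the one most merchants skip, and it is the one that decides whether the rest of the list is even scoped correctly. The following scanner is an added example written for this article, not code from the original page or from any vendor: it finds candidate primary account numbers (PANs) in text, confirms them with the Luhn check-digit algorithm that every card brand uses, classifies the brand from the leading digits, and masks each hit to the first six and last four digits that PCI DSS permits to be displayed. The log lines and the function and class names are constructed for the example; the card numbers are the brands' public test numbers, not real accounts.

```python
"""Added example: minimal PAN discovery over text (log files, exports, tickets).

Pipeline per line: regex for 13-19 digit runs (spaces/hyphens allowed) ->
Luhn check to drop order IDs and timestamps -> brand from leading digits ->
mask to first six / last four before the finding is stored or reported.
"""
import re
from dataclasses import dataclass

# Candidate: 13-19 digits, each optionally followed by a space or hyphen,
# not adjacent to other digits (avoids matching inside longer numbers).
_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn check-digit validation: doubles every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def brand(digits: str) -> str:
    """Issuer brand from the leading digits (major brands only; 'Unknown' otherwise)."""
    if digits.startswith("4"):
        return "Visa"
    if digits[:2] in {"34", "37"}:
        return "American Express"
    two, four = int(digits[:2]), int(digits[:4])
    if 51 <= two <= 55 or 2221 <= four <= 2720:
        return "Mastercard"
    if digits.startswith("6011") or digits.startswith("65"):
        return "Discover"
    return "Unknown"


def mask_pan(digits: str) -> str:
    """Keep at most the first six and last four digits, as PCI DSS allows for display."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


@dataclass
class Finding:
    line_no: int
    brand: str
    masked: str  # the full PAN is deliberately never stored in a finding


def scan_text(text: str) -> list[Finding]:
    """Return one Finding per Luhn-valid PAN, keyed by line number."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in _CANDIDATE.finditer(line):
            digits = re.sub(r"[ -]", "", m.group())
            if 13 <= len(digits) <= 19 and luhn_ok(digits):
                findings.append(Finding(line_no, brand(digits), mask_pan(digits)))
    return findings


# Constructed sample input: the order IDs are 13-digit numbers that fail Luhn,
# and line 4 is already masked, so only lines 1-3 should be reported.
SAMPLE_LOG = """\
2024-03-01 10:02:11 order=1234567890123 card=4111 1111 1111 1111 status=ok
2024-03-01 10:02:12 order=1234567890124 card=5555-5555-5555-4444 status=ok
2024-03-01 10:02:13 note="amex 378282246310005 on file"
2024-03-01 10:02:14 order=9876543210980 card=**** **** **** 1234 status=ok
"""

if __name__ == "__main__":
    for f in scan_text(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.brand} {f.masked}")
```

Run it over a real log directory and the hits tell you which systems are in scope: a web server access log that contains a PAN means that server, its backups, and everyone who can read them are inside your cardholder data environment. The Luhn filter removes about nine in ten random digit runs, so a surviving false positive (a serial number that happens to check out) is still possible; treat findings as leads to verify, and never copy the unmasked value into the ticket that records them.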
Although this may seem like a daunting task, a hosted payment solution (for example, a hosted payment page or a tokenization service from a PCI DSS-validated provider) keeps card data out of your own systems, which shrinks your compliance scope and shifts much of the day-to-day patching and vulnerability monitoring to the provider. Two caveats apply: the provider must itself be validated as PCI DSS compliant, and using one does not transfer your responsibility, because the merchant remains accountable for its own compliance. Get in writing which requirements the provider covers and which stay with you, and review that split at least annually.