PCI DSS compliance and how retailers could benefit from it

The Payment Card Industry Data Security Standard, commonly referred to as PCI DSS, is a proprietary information security standard for organizations that handle branded credit cards from the major card schemes around the world, such as Visa, MasterCard and American Express. It is a worldwide standard laid out to help businesses process card payments securely and reduce card fraud. It does this through tight controls surrounding the storage, transmission and processing of the cardholder data that businesses handle; its purpose is to protect sensitive cardholder data.

In other words, the Standard provides broad requirements for securing personal non-public information used on digital technology in retail. Retail companies that process customers' credit card information must comply, implementing best practices and technologies to secure this information. By using an all-in-one security device that integrates the most important security technologies, retailers can achieve PCI DSS compliance faster.

It is evident that data security has a significant impact on an organization's bottom line: not just in terms of the costs of compliance, but also in terms of the revenue that customers provide to your business.

PCI DSS sets minimum levels of security for credit card transactions, defining a common set of industry tools and measurements. Merchants receive a list of data protection “to do’s” impacting firewall configurations, password defaults, data encryption/storage methods, anti-virus software deployment, systems tests, and other related activities. When the auditors come around, these businesses seek to demonstrate that they’ve checked every box on the list to achieve compliance. For many companies, PCI certification has become a market differentiator today.

Organizations have realized how important the compliance standard is, and they view it as a necessary and worthwhile investment. Most organizations today have taken important steps to achieve PCI DSS compliance and believe their current information infrastructures would pass audit assessments. Moreover, companies view PCI DSS compliance as necessary for protecting cardholder data, and a majority of organizations plan to increase compliance spending in the coming years. Steps are being taken to make additional investments to comply with evolving PCI DSS requirements for virtualized environments. Given the rising publicity and costs associated with data breaches and identity theft, it was inevitable that businesses would eventually recognize its significance. Close to 12,000 cases of fraud related to credit/debit cards and net banking were reported by banks between April and December 2015. Going the extra mile to protect cardholder data makes perfect business sense, in addition to simply being the right thing to do.

If an organization loses card data, i.e. suffers a data breach or theft, and it is not PCI DSS compliant, it can incur card scheme fines for the loss of this data and may be liable for the fraud losses incurred against these cards and the operational costs of replacing the accounts. For retailers, it may also mean losing customers forever, as they would no longer want to do business with them.

Unfortunately, data breaches occur regularly, and retailers and e-commerce portals are a very frequent target for hackers. So it is imperative for them to ensure that they have implemented all of the relevant controls in PCI DSS. PCI DSS is something that retailers must implement.

Today, retailers are coming to recognize that their data is not always safe, and this threatens their very business success and profitability. Handling card data in a way that does not comply with PCI DSS increases credit card costs on every transaction. Reportable data breaches can have a negative effect on sales and reputation, generate credit monitoring costs and fines, and are alleged to have cost senior executives and even CEOs their jobs.

Technology has advanced as well. The latest version, PCI DSS 3.1, is designed to make payment Point of Interaction devices, such as Chip and PIN terminals, ATMs and point-of-sale systems, less vulnerable by ensuring that data is passed from the terminal or browser securely. This means retailers need to ensure their payment security uses Transport Layer Security (TLS) rather than Secure Sockets Layer (SSL).
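As an added illustration of the SSL-to-TLS point above (example code, not from the article or PayUbiz), the following builds a client-side TLS configuration a retailer could use when connecting to a payment gateway, refusing SSL and early TLS, plus a self-check that reports whether a context would still negotiate them. The gateway host name and CA bundle path are placeholders.

```python
import socket
import ssl
from typing import Optional


def pci_client_context(ca_bundle: Optional[str] = None) -> ssl.SSLContext:
    """Client context for a payment-gateway connection: TLS 1.2 or newer only,
    certificate and hostname verification on, TLS compression off."""
    # PROTOCOL_TLS_CLIENT enables CERT_REQUIRED and check_hostname by default.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Refuses SSLv3, TLS 1.0 and TLS 1.1, which PCI DSS 3.1 set out to retire.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.options |= ssl.OP_NO_COMPRESSION
    # TLS 1.2 cipher list: forward-secret AEAD suites only (TLS 1.3 suites are
    # configured separately by OpenSSL and are all AEAD already).
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!MD5:!RC4:!3DES")
    if ca_bundle:
        ctx.load_verify_locations(ca_bundle)  # placeholder path supplied by caller
    else:
        ctx.load_default_certs()
    return ctx


def legacy_client_context() -> ssl.SSLContext:
    """The weak setting: still willing to negotiate TLS 1.0 (early TLS)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1
    return ctx


def allows_ssl_or_early_tls(ctx: ssl.SSLContext) -> bool:
    """True if the context could still fall back to SSLv3, TLS 1.0 or TLS 1.1."""
    return ctx.minimum_version < ssl.TLSVersion.TLSv1_2


def negotiated_version(host: str, port: int = 443) -> str:
    """Connect with the hardened context and report the protocol actually used
    (e.g. 'TLSv1.2' or 'TLSv1.3'); raises ssl.SSLError if the server only
    offers SSL/early TLS, which is exactly the gap an audit would flag."""
    ctx = pci_client_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.version() or "unknown"


if __name__ == "__main__":
    print("hardened allows early TLS:", allows_ssl_or_early_tls(pci_client_context()))
    print("gateway.example (placeholder):", negotiated_version("gateway.example"))
```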

PCI DSS comprises 12 general requirements designed to secure credit card data. Non-compliance can result in recurring audits, heavy fines and legal disputes. The requirements force retailers to redefine their practices, but in turn allow them to improve customer service by managing information efficiently, to control credit card information and to offer the highest level of security, thereby avoiding security breaches and penalties and saving money overall.

About the author: Rahul Kothari is Head of PayUBiz. PayUbiz is a one-stop solution for all payment gateway needs of a merchant.