Blog Post
Payment Card Industry Data Security Standard compliance (PCI DSS)
Credit cards have become an established item in our personal inventory whenever we leave the house. Large bundles of cash have been replaced by a small and convenient card that fits neatly into our purses and wallets. Not only have credit cards replaced cash inconvenience but also from the perspective of security. Instead of writing off losing some cash to bad fortune from perhaps falling out of our pockets or having been stolen, credit cards offer the option of being canceled and put out of use when misplaced.
Credit cards offer us full access to our bank accounts at our fingertips wherever we are whilst maintaining the security of withdrawing if from the safety of a bank itself.
With all these advantages over traditional cash, what are the potential risks associated with this efficient new method of payment?
Credit card data theft is a very real and extremely common problem for cardholders so it falls to the credit card companies to enforce strict rules on the use and storage of this data.
The large credit card companies: American Express, Discover Financial Services, JCB International, MasterCard and Visa Inc all came together in 2006 to create a set of rules for credit card compliance. The motivation for the creation of this regulation was to standardize the requirements for the safe use and storage of card data. The Payment Card Industry Data Security Standards (PCI DSS) came about as a result of this collaboration. This set of regulations sets out rules for organizations to adhere to in order to maintain a consistent level of data security for credit card information.
All organizations that store and process credit card information have a duty of care to the individuals whose data they store. The PCI DSS sets out formal requirements for these organizations to make sure that they are not taking any risks with their customer's data.
The incentive to maintain compliance is the avoidance of heavy fines and penalties imposed upon organizations that are found to be non-compliant. This financial penalty coupled with the associated damage to a business's reputation could prove to be extremely detrimental to an organization's success. For these reasons, it is in the best interests of financial organizations to constantly strive to achieve and maintain PCI compliance in a world where data is constantly at risk.
The PCI DSS council must ensure that organizations are being held accountable for if they are not taking the utmost care with the cardholder data that they store. The motivation for these organizations is the threat of being fined, in some cases very heavily. If such an organization is investigated and found not to be PCI compliant, they could face penalties ranging from as low as five thousand USD up to as much as one hundred thousand USD in severe cases. The fines are calculated based on the level of non-compliance and the guilty organizations can be fined continuously for months until they achieve PCI compliance.
Organizations that wish to maintain this high standard must constantly innovate with the methods and technologies they use to store and process cardholder information. Assuming that your organization is compliant because it has passed a single inspection is a slippery slope to falling back into the non-compliance bracket. Data breach technology is improving at a rapid rate and hackers and constantly innovating to find new ways to steal data. Cardholder data is very valuable as it is a direct link to an individual’s finances. Organizations need to constantly future-proof their networks against these threats and test for weaknesses wherever they may arise.
The attitude towards PCI compliance must be that of a constant desire to improve and test your network to make sure that it is secure. There is no easy fix for achieving compliance, it must become a part of everyday business practice and be a company-wide initiative.
Have questions about PCI DSS compliance or are curious to learn more about how Card Recon can help? Schedule a demo with a PCI data discovery expert today.