The Payment Card Industry Data Security Standard (PCI DSS) was established to govern the handling of credit card transactions from Mastercard, Visa, and American Express, among other card companies. It was created by the card companies and is administered by the Payment Card Industry Security Standards Council in an effort to protect cardholder data and reduce the risk of credit card theft.
To ensure participating parties are compliant, compliance is checked annually by merchant processors. For organizations handling large volumes of transactions, it is checked by an external Qualified Security Assessor (QSA) or an Internal Security Assessor (ISA), who produce a Report on Compliance (ROC). For smaller organizations, there is a simpler Self-Assessment Questionnaire (SAQ) in which the company answers how it is protecting its customers’ credit cards.
PCI compliance was created to provide a high level of protection for card companies by ensuring that participating merchants continue to meet specific levels of security when they process, transmit, and store cardholder data.
The objectives of PCI compliance are to:
- Build and maintain secure networks
- Protect cardholder data
- Set up a relevant management program
- Implement robust access control measures
For small businesses, there are easy-to-follow steps for self-assessing systems and risks. Fig Pay representatives, online and/or in person, can walk you through the process to determine how prepared you are for a breach of your data. There are various SAQs for different merchant environments. Each questionnaire includes a number of ‘Yes’/‘No’ questions for each requirement. If an organization answers ‘No’, the company may be required to make changes and to report the changes made and the date they were completed.
The importance of following the PCI DSS cannot be overstated. Any security breach and resulting compromise of customer card data may have serious consequences for the affected business. Loss of public trust, loss of future business, more stringent reporting of company financial data, along with very real financial losses, liabilities, and litigation are what any business owner can expect if they are hacked and lose their customers’ data.
Constant vigilance is needed when processing and storing financial data. A system’s hardware and software must be kept up to date and must change to match what is happening in the financial technology world. Remaining PCI compliant is a never-ending endeavor.
Here are a few tips and strategies found on the PCI website:
- Make sure you never store Sensitive Authentication Data like PINs, card verification codes, etc.
- Ask your POS vendor about the security of your system.
- If you don’t need cardholder data, don’t store it!
- If you do need cardholder data, keep it in one place and isolate it.
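To show what the first and third tips look like in practice, here is an added example (written for this post, not code from Fig Pay or the PCI Security Standards Council) that sanitizes a card record before it is written to storage: it drops Sensitive Authentication Data fields outright, masks the PAN down to its last four digits, and redacts any PAN-shaped number that has crept into free-text fields such as notes or log lines. The field names, the sample record, and the choice to keep only the last four digits are assumptions for the example; the card number used is the well-known Visa test number, not a real account.

```python
"""Added example: keep Sensitive Authentication Data out of storage and mask the PAN."""
import re

# Field names PCI DSS classes as Sensitive Authentication Data (assumed names for this example).
# These must never be retained after authorisation, so they are dropped rather than masked.
SENSITIVE_AUTH_FIELDS = {"pin", "pin_block", "cvv", "cvc", "cvv2", "cid", "track1", "track2"}

# A run of 13 to 19 digits is the shape of a primary account number (PAN).
PAN_DIGITS = re.compile(r"\d{13,19}")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used here only to recognise PAN-shaped strings in text."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep only the last four digits (an assumed policy, within PCI DSS truncation limits)."""
    digits = re.sub(r"\D", "", pan)
    return "*" * (len(digits) - 4) + digits[-4:]


def redact_pans(text: str) -> str:
    """Mask any Luhn-valid 13-19 digit run found inside free-form text."""
    return PAN_DIGITS.sub(
        lambda m: mask_pan(m.group()) if luhn_ok(m.group()) else m.group(), text
    )


def contains_unmasked_pan(text: str) -> bool:
    """Detection check for log lines or stored blobs: is there a Luhn-valid PAN in here?"""
    return any(luhn_ok(m) for m in PAN_DIGITS.findall(text))


def sanitize_for_storage(record: dict) -> dict:
    """Return a copy of the record that is safe to persist.

    - Sensitive Authentication Data fields are removed entirely.
    - The 'pan' field is masked to its last four digits.
    - Every other string field is scanned and any embedded PAN is masked.
    """
    clean = {}
    for key, value in record.items():
        name = key.lower()
        if name in SENSITIVE_AUTH_FIELDS:
            continue                      # never written anywhere
        if name == "pan":
            clean[key] = mask_pan(str(value))
        elif isinstance(value, str):
            clean[key] = redact_pans(value)
        else:
            clean[key] = value
    return clean


# Constructed sample record for the example; the PAN is the Visa test number 4111 1111 1111 1111.
SAMPLE_RECORD = {
    "pan": "4111 1111 1111 1111",
    "cvv": "123",
    "pin": "0000",
    "expiry": "12/29",
    "name": "J. Doe",
    "notes": "customer read card 4111111111111111 over the phone",
}


if __name__ == "__main__":
    safe = sanitize_for_storage(SAMPLE_RECORD)
    print(safe)
    print("unmasked PAN left in notes?", contains_unmasked_pan(safe["notes"]))
```

The `contains_unmasked_pan` check is the part worth wiring into a pipeline: run it over anything that is about to be logged or persisted so that a card number pasted into a free-text field is caught before it lands in a database backup or a log aggregator.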
Keep your company’s systems secure so that customers can trust doing business with you when they use their credit cards. By staying compliant and secure, your business becomes part of a strong global response to the incessant problem of credit card fraud.