A survey conducted in 2014 shows that nearly $16 billion losses were caused due to credit-card fraud. This could be, in part, because businesses may not maintain proper controls over the sensitive data in their possession.
PCI refers to the Payment Card Industry Council, which is the organization that self-regulates credit card payment methods. Initially, companies that had launched payment cards like Visa, MasterCard, and American Express, had their own their own operating policies and security programs. These security features were intended to ensure that partner-merchants followed minimum standards while storing, processing and transmitting data information about cardholders. To ensure that these security standards remained consistent across the credit card industry, the PCI Data Security Standard (PCI DSS) version 1.0 was launched in 2004 and finalized in 2007. The latest version was released in May 2018.
There are 12 major requirements mandated for PCI compliance. These PCI requirements are classified under six major groupings:
- Building/Maintaining Data Security Systems
- Protection of Data that belongs to Cardholders
- Implementing/Maintaining Vulnerability Management
- Strong Access Control
- Frequent monitoring/testing of networks
- Information Security Policy maintenance
Vendors have to maintain certain minimum data security standards to prevent any breaches of their customers’ credit card data. This process is dictated under the aegis of the PCI Council. This body has no powers to penalize or impose punishments themselves, but it is recognized by the major credit card companies. Non-compliance with the standards set by the Council may affect your reputation and brand and can result in penalties being imposed by your merchant account provider, possibly including the suspension of your merchant account. Businesses that take credit card information over the phone or Internet should also be compliant. Compliance covers debit, credit, and prepaid cards.
How to Remain PCI Compliant
It is crucial to maintain PCI compliance in order to accomplish the following:
- reduce credit card theft and fraud
- maintain strict controls over the cardholder’s data to avoid breach or compromise
- give customers a feeling of confidence
- boost the value of your business
- get more protection from hacker attacks
- gain higher levels of information security
Maintaining compliance is usually simple:
- Evaluate compliance level: There are different merchant levels based on number of transactions in a 12-month period. Each level has its own mandated level of compliance.
- Complete the questionnaire: The PCI DSS Self-assessment Questionnaire must be completed. This can identify gaps in your security
- Attestation of Compliance: Plug the gaps in your security and then provide an attestation of compliance. This is a self-attested claim that your business is on par with PCI standards.
- Submit Documents: The self-assessment questionnaire and attestation documents can be submitted to certify compliance.
Larger firms may also undertake a compliance audit. These steps will ensure that your business remains in compliance with PCI DSS standards.
For more information about how to remain PCI Compliant or to sign up for a merchant account, please call (888) 924-2743 or go to Charge.com.