- What is PCI DSS Compliance?
The Payment Card Industry Data Security Standard (PCI DSS) is a worldwide information security standard defined by the Payment Card Industry Security Standards Council. The standard was created to help payment card industry organizations that process card payments prevent credit card fraud through increased controls around data and its exposure to compromise. The standard applies to ALL organizations that hold, process, or exchange cardholder information from any card branded with the logo of one of the card brands. - How Does PCI DSS Compliance affect me?
PCI DSS Security Standards were set forth by the card issuing associations in order to protect cardholder information and to help prevent credit card fraud, hacking, and other security issues. The PCI standards mainly focus on the encryption, storage, and transfer of this sensitive data while in a merchant’s possession. If your business experiences a breach of card holder data while not compliant with these standards, you may be fined by the associations up to $500,000 for the initial investigation as well as a fee per record that is compromised. What can’t be assessed is the damage to your business’s reputation due to loss of consumer confidence. - Isn’t PCI Compliance for larger merchants?
The truth is, PCI DSS Compliance is now a reality for ALL merchants regardless of size. Depending on the type of business and how the transactions are ran, level 1-3 merchants (annual POS transactions over 1 million) may have some additional requirements, but level 4 merchants (annual POS transactions under 1 million) are actually the most targeted by hackers and thieves. According to recent data, 80% of payment card compromises since 2005 affected Level 4 merchants. The penalties and fines can be excessive depending on the amount of information that is compromised and have put some merchants completely out of business.
What can I do to stay protected?
PCI Self Assessment Questionnaire – https://www.pcisecuritystandards.org/saq/index.shtml