


Why And How To Be PCI DSS Compliant

By: Amy Nutt




The Payment Card Industry Data Security Standard, or PCI DSS, imposes requirements on credit card merchants to safeguard consumers' credit information against malicious behaviour by identity thieves. Payment card industry providers such as VISA, MasterCard and American Express are now enforcing PCI compliance. Non-compliance can result in fines, restrictions or possibly permanent expulsion from card acceptance programs. If your business depends on accepting credit cards, then you have no choice but to become PCI compliant.

The new Payment Card Industry (PCI) data security standards are network security and business practice guidelines developed by Visa, MasterCard, American Express and Discover Card. They were developed to establish a 'minimum security standard' with regard to the protection of cardholders' account and transaction information.

What are PCI DSS requirements?

The PCI Data Security Standard represents a common set of industry tools and measurements to help merchants and credit card processors that store, process or transmit cardholder data ensure the safe handling of sensitive cardholder information. The standard provides an actionable framework for developing a robust account data security process that includes preventing, detecting and reacting to security incidents.

What are the benefits of working with a PCI Compliant Service Provider?

By working with a PCI compliant service provider you can ensure that cardholder account data being processed across your technical environment is protected. PCI DSS protects cardholders and minimizes the risk to your business.

The main benefits of implementing the PCI DSS for your organization and working with a provider that is compliant are:

- Protecting customer personal data
- Increasing customer trust by demonstrating your commitment to the security of their personal information
- Protecting your business from financial penalties
- Leveraging a hosting provider's existing PCI DSS compliancy investment, i.e. your technical infrastructure resides in a data centre that has already been audited
- Potential savings starting at $100,000 in capital expenditures by outsourcing to a managed service provider that is PCI compliant

Who has to comply?

The credit card companies have made it clear that ANY entity that stores, processes, or transmits cardholder data, regardless of its transaction volume, is required to comply with the PCI requirements. Failure to comply with the PCI security standard may result in substantial fines or permanent expulsion from card acceptance programs. Recent studies on financial fraud have indicated that hackers are increasingly targeting small, commercial Web sites, increasing the need for all merchants and service providers to become fully compliant with the Payment Card Industry (PCI) Data Security Standard (DSS).

What do I need to do to meet the PCI standards?

The PCI standard comprises two basic steps:

1. Pass quarterly remote vulnerability scans conducted by a Visa and MasterCard "Qualified Independent Scan Vendor". Scans are required for all Internet connection points, whether they are office networks or home/office connections (dial-up, DSL, cable or wireless) or permanent Internet servers such as your web site and email server, etc.

2. Successfully complete a security self-assessment questionnaire. The self-assessment questionnaire asks specific questions about your internal security practices, both on your web site and in your office.

About the Author:
For e-commerce sites that involve credit card payments, this PCI DSS certification will provide greater security for business and customers. PCI compliance service providers assure that your data is protected.


Article Source: http://www.statssheet.com/articles/article77858.html




