The Payment Card Industry Data Security Standard, or PCI DSS, is a proprietary standard for all organizations that handle branded credit card transactions from providers such as MasterCard, Visa, American Express, Discover and JCB. Essentially, PCI DSS is a standard set of security rules to ensure the safe and secure transmission of cardholder data.
Who needs to comply with PCI DSS?
This applies to any organization that processes credit card transactions. These rules are administered by the PCI Security Standards Council, which was originally founded by American Express, Discover, JCB, MasterCard and Visa.
PCI Compliance audits
It is common to submit a compliance audit yearly, or sometimes quarterly, as requested by your provider. In some cases these take the form of a self-assessment; in others a more formal process may be required. The frequency of submission is often driven by the sheer number of transactions you conduct. You are typically signing off that your data network and the transmission of data across it are secure and protected.
Fines for non-compliance with PCI DSS
The fines vary widely. Typically, when there is a breach of card data, your organization will be levied bank fines, as card holders are protected. Fines range from $5,000 to $500,000. However, the bad publicity and the cost of providing credit monitoring for your customers also become expensive.
Recent examples of large organizations that were not fully PCI compliant certainly made the headlines. In 2014, Home Depot had 56 million cards exposed in an attack using unique custom malware. Whilst your organization may not be at the scale of Home Depot, no business, large or small, can ill afford upset customers.
How to become PCI compliant?
The first step is engaging a professional security organization that understands network security and PCI compliance. Utilizing industry-leading tools, we manage and monitor your network to ensure your business can continue to process transactions in a safe and secure environment.