PCI DSS Compliance

What does PCI DSS Compliance Mean? Why do I need it?

The full term stands for Payment Card Industry Data Security Standard and is an information security best practice for businesses or organizations that handle cardholder information for credit, debit, prepaid, and ATM cards.

Standards are defined by the Payment Card Industry Security Standards Council to reduce credit card fraud and certifications are done annually by an external Qualified Security Assessor (QSA) for business that handle large transaction volumes or by a Self-Assessment Questionnaire (SAQ) for businesses handling smaller transaction volumes.

Benefits of compliance to business of all sizes:

- It means your systems are secure and that customers can trust you with their card information

- It improves your reputation with payment brands and acquirers which you need in order to do business

- It's an ongoing process, so when you stay compliant, you're assisting in combating payment card data compromise

- You'll be better prepared with other regulations such as Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley Act (SOX) etc

- You'll most likely find ways to improve your IT infrastructure and have a base for a security strategy

What happens if you're not compliant:

- It only takes one incident to damage your reputation and business in a catostrophic way

- Data being compromised will negatively affect your customers, banks, and merchants

- Other negative consequences include govenment fines, payment card issuer fines, lawsuits, insurance claims and more

For more resources, visit PCI Security Standards Council along with how you can get started.