PCI (Payment Card Industry) compliance is essential for any business that deals with card payments. Card payments hold personal and financial information that in the wrong hands can hurt not only the cardholder but also the business processing the payment. In this article, you will learn about PCI compliance, why compliance is important, and what PCI requirements are.
Payment Card Industry Data Security Standards, or PCI DSS, were created in 2004 by the four major credit card companies: Visa, MasterCard, American Express, and Discover. These standards are an important aspect of compliance. Rhonda Chorney, Financial Manager at the University of Manitoba, describes PCI DSS as “a widely accepted set of policies and procedures intended to optimize the security of credit and debit card transactions and protect cardholders against misuse of their personal information.”
Typical cardholder information includes things like name, address, account number, and social security number. Any misuse or unauthorized access to this information can lead to identity theft or financial theft where the business could be held liable for damages.
PCI compliance applies to any business that processes, stores, or transmits cardholder data, which includes software developers, processors, financial institutions, and merchants. A security breach due to noncompliance can have extensive consequences for your business, including:
Even just one of these consequences can greatly affect your business, which is why compliance education is important.
There are five main PCI requirements that must be followed to ensure a compliant environment:
All five of these requirements involve setting internal policies that are implemented and are to be followed by everyone within your corporation.
PCI compliance protects not only the cardholder but also the business processing the payment. Following the processes and procedures set forth by the PCI DSS safeguards against the pitfalls of a security breach. However, your strategy is only effective if everyone in your corporation is aware of and trained on these processes and procedures.
Unsure of whether or not your compliance processes are up to par? We can help!
Chorney, Rhonda (2016). Payment Card Industry Data Security Standards. International Information Security Standard.