Readers of this blog know why the PCI DSS and PCI compliance are necessary, but I continue to hear merchants kvetching day and night about the inconvenience and meaninglessness of making their business PCI compliant. Well, spare yourself the angry feelings and wake up and smell the coffee. PCI compliance means taking responsibility for the safety of the sensitive information that your customers are kind enough to share with you for the purpose of payment convenience. Maintaining your business’s PCI compliant status isn’t just a suggestion or an option, something you ought to do but don’t really have to. The world is changing, technology is changing and the payment card industry is changing. As a merchant you will have to change as well, adapting to new equipment and protection measures. It becomes somewhat Darwinian when it comes to technological evolution: adapt or die.
The PCI DSS was created largely in response to the biggest data breach in electronic processing history. A few years ago a major processor and issuer of Visa and MasterCard accounts was hacked and, after an investigation, it was found that over two million bank accounts had been compromised! At the time the PCI DSS didn’t exist, but Visa Inc., always concerned with fraud and revenue loss prevention, had a fledgling, non-mandatory security program called the Cardholder Information Security Program, or CISP. As the name suggests, this program was offered to, and aimed at protecting, Visa credit card account holders. Since it had some of the foundations of sensitive data protection, the program was fleshed out and redubbed the Payment Card Industry Data Security Standard, or PCI DSS. The set of protocols was then adopted by all five major international credit card issuers and became an industry-wide requirement.
You are liable for compromised data that was obtained from your records. Depending on the number of accounts the thief accesses, the fines and replacement costs can soar. Add legal fees and other applicable industry penalties and the cost can become truly astronomical. Don’t delay another day; see our home page for information on how you can be PCI compliant for free.