Being PCI compliant means following the guidelines set forth in the latest version of the PCI DSS (Payment Card Industry Data Security Standard). If a business is compliant at the time of a data breach, most processors and QSAs (Qualified Security Assessors) include coverage against the financial loss from the fines and legal fees associated with that breach. But it isn’t simply a matter of following the guidelines by rote and expecting that no harm can come to you or your business. Computer and network security is a constantly evolving, moving target that must be continuously adapted and updated.
No security system is completely infallible, because the computer security technology landscape is constantly changing, new products and methods are continually being invented, and good old human error never goes away. That being said, the goal for PCI compliance shouldn’t be absolute perfection, but significant progress, year after year, until fraud liability is at its lowest possible level. What was secure against outside access today may suddenly not be so tomorrow, as criminal innovation continues to find new paths to circumvent even the tightest security systems.
For this reason, the PCI DSS and the requirements to achieve PCI compliance have a programmed life cycle of about three years. This way, the PCI SSC (Payment Card Industry Security Standards Council) is able, over time, to gather data and feedback from merchants, processors and financial services providers regarding which PCI compliance guidelines work and which don’t, as well as which items need to be enhanced or modified. In addition to the information provided by end users of the PCI DSS, the cycle also allows time for other technological advancements, and their impact on how sensitive authentication data is stored and transmitted, to be incorporated into the guidelines.
We’ll try to touch on this a little more next week. If your business is not currently PCI compliant, you are placing your livelihood at risk, as well as your customers’ information. See our home page to find out how your business can be PCI compliant today. Best of all, it’s absolutely free!