Is your business PCI compliant? It is? That’s great, but now that you’ve completed an SAQ (self-assessment questionnaire) and registered with your service provider, it’s not time to rest on your laurels. The PCI DSS (Payment Card Industry Data Security Standard) is a set of goals and procedures that the industry requires all merchants to follow, but filling out an SAQ and validating your compliance doesn’t make your business, computer network or customers’ information totally secure. Only you and your employees can take an active role in protecting your sensitive authentication data and in identifying and containing threats. The PCI DSS is a tool to use when securing the integrity of your network and your company or customer information, a foundation from which you can more efficiently and effectively maintain a high level of data protection.
But even the most finely crafted of tools is useless without an operator skilled in its use. The same is true of the PCI DSS as of any tool: it must be regularly monitored, maintained and updated as needed if you are to be truly PCI compliant, in both letter and spirit. The situation is analogous to the current battle between medical science and lethal bacteria, with medical science just an antibiotic step or two ahead of the most deadly bacteria. The same is true of computer security technology versus computer hacking technology.
Just doing the bare minimum that the PCI DSS requires for becoming PCI compliant may ward off the fines charged by the industry for having an expired PCI compliance validation, but true compliance goes beyond the letter of the law. The spirit in which the PCI DSS was generated, and that of its predecessor, the CISP (customer information security program) started by Visa, is that of an involved and ongoing commitment to the security of sensitive authentication data. If everyone is concerned with having the best defenses in place and with protecting their customers’ cardholder data, it benefits not only the individual but also the integrity of the entire payments system.
If you’ve hesitated for some reason before, now is the time to get your business PCI compliant. See our homepage for information on how to do it absolutely free.