PCI Free Blog

PCI Compliance and Assessment of Risk

If you read this blog regularly you know that I’ve counseled readers on proper assessment of risk. The PCI DSS (Payment Card Industry Data Security Standard) exists to give merchants a guide, or map, to follow in order to protect cardholder data, whether it lives on their network or on paper. You might think that, since the stakes are so high and the PCI SSC (Payment Card Industry Security Standards Council) has already done the hard thinking, the statistical compilation, and the working out of best practice, merchants would be glad to take the final step of making sure their business operates in accordance with the standard. Making your business PCI compliant is the best way to protect your customers’ cardholder data and sensitive authentication data, and in doing so to protect your own business.
The problem with convincing merchants to take PCI compliance seriously is rooted deeply in the human psyche. It is a natural human foible that we grossly overestimate the risk of something terrible but highly unlikely happening to us, and underestimate the risk of the ordinary. For instance, broach the subject of shark attacks with any group of beachgoers and you’re likely to hear a lot of inordinate fear of becoming a big fish’s dinner. Make the mistake of reading Peter Benchley’s Jaws close to or during a beach trip, and you can ratchet that irrational fear up to very high levels.
The truth is, there have been fewer than a dozen reported shark attacks per year in the United States for the last ten years running, with the annual total below five in the majority of those years. But the same people whose nightmares are plagued with sharks blithely get behind the wheel of a car without a thought for the fact that tens of thousands of people are killed in cars every year. Are they, or you, afraid of driving a car? I’m not afraid of it at all, but statistically, driving is far riskier than swimming in the ocean where sharks and other predators live.
So if you’re not PCI compliant yet, and you think you’re safe from thieves and hackers, think again. Card fraud is the car crash in this analogy: unglamorous, common, and far more likely than the exotic threat you worry about. There are inherent risks that go along with processing credit cards, and following the goals and requirements laid out in the PCI DSS is your best defense against theft or fraud. The thieves are definitely out there; are you definitely doing all you can to protect your customers’ information? See our home page for information on how you can make your business PCI compliant easily, and at no cost.

This entry was posted in PCI Compliance, Risk Management, Sensitive Data Storage.
