What is PCI DSS and Why Does it Matter?

Hosting an eCommerce website already comes with its own headaches: where to host it for optimum speed, what to use as a payment gateway, which cart to use, and so on. Then your payment merchant contacts you to check your PCI status, and the question on your mind may be “What is PCI DSS and Why Does it Matter?”. PCI DSS matters because not complying with the Payment Card Industry Data Security Standard (PCI DSS) means not following best practices for keeping your customers’ most sensitive information out of the wrong hands. Large companies aren’t the only ones under attack. The payment brands that make up the Payment Card Industry know this, and that is why they got together to create the standard.

PCI DSS: A Brief Explanation

Launched by five global payment brands (American Express, Discover, MasterCard, Visa, and JCB [Japan Credit Bureau]), PCI DSS is a set of information security regulations that apply to any organization that handles cardholder information. All organizations, large and small, must comply or risk penalties from the payment card companies.

Compliance is becoming increasingly important, but it may not be the headache you expected. Simple Servers is happy to offer a service to help its clients achieve the relevant status; please contact us to arrange a quote.

These are the levels of PCI compliance:

  • PCI Compliance Level 1
    Over 6 million Visa and/or Mastercard transactions processed per year
  • PCI Compliance Level 2
    1 million to 6 million Visa and/or Mastercard transactions processed per year
  • PCI Compliance Level 3
    20,000 to 1 million Visa and/or Mastercard e-commerce transactions processed per year
  • PCI Compliance Level 4
    Fewer than 20,000 Visa and/or Mastercard e-commerce transactions processed per year, and all other companies that process up to 1 million Visa transactions per year

What do these levels of PCI compliance mean?

Companies that meet Level 1 must have yearly on-site reviews by an internal auditor and a required network scan by an approved scanning vendor (ASV). A full list of approved scanning vendors and their contact information is available online from the PCI Security Standards Council.

Any company that falls into PCI compliance Level 2, 3 or 4 must complete the PCI DSS Self-Assessment Questionnaire annually and undergo quarterly network security scans with an approved scanning vendor.

Benefits Of Being Compliant

  • Compliance with the PCI DSS means that your systems are secured to the standard, and customers can trust you with their sensitive payment card information:
    • Trust means your customers have confidence in doing business with you
    • Confident customers are more likely to be repeat customers, and to recommend you to others
  • Compliance improves your reputation with acquirers and payment brands — the partners you need in order to do business
  • Compliance is an ongoing process, not a one-time event. It helps prevent security breaches and theft of payment card data, not just today, but in the future:
    • As data compromise becomes ever more sophisticated, it becomes ever more difficult for an individual merchant to stay ahead of the threats
    • The PCI Security Standards Council is constantly working to monitor threats and improve the industry’s means of dealing with them, through enhancements to PCI Security Standards and by the training of security professionals
    • When you stay compliant, you are part of the solution – a united, global response to fighting payment card data compromise
  • Compliance has indirect benefits as well:
    • Through your efforts to comply with PCI Security Standards, you’ll likely be better prepared to comply with other regulations as they come along, such as HIPAA, SOX, etc.
    • You’ll have a basis for a corporate security strategy
    • You will likely identify ways to improve the efficiency of your IT infrastructure

Penalties For NOT Being Compliant

  • Compromised data negatively affects consumers, merchants, and financial institutions
  • Just one incident can severely damage your reputation and your ability to conduct business effectively, far into the future
  • Account data breaches can lead to catastrophic loss of sales, relationships and standing in your community, and a depressed share price if yours is a public company
  • Possible negative consequences also include:
    • Lawsuits
    • Insurance claims
    • Cancelled accounts
    • Payment card issuer fines
    • Government fines

You’ve worked hard to build your business – make sure you secure your success by securing your customers’ payment card data. Your customers depend on you to keep their information safe – repay their trust with compliance to the PCI Security Standards.
