
PCI Compliance-12-18-2009

LOUISVILLE, Ky. (December 18, 2009) – Hacking and data breaches for profit are unfortunate everyday occurrences throughout our society. Far removed from petty criminals and purse thieves, cybercriminals are precise, subtle, and can be located anywhere in the world. And their damage amounts to more than just dollars. A knowledgeable hacker can steal an identity so completely that the victim might never regain credibility!

The business security industry has struggled to keep up with the technological advancements used by identity thieves, and while online threats often gain the most media attention, there is still plenty of need to secure the world of brick-and-mortar retail.

Regardless of location, credit cards and debit cards tied to bank accounts are two of the primary targets for identity thieves. The payment card industry (PCI) formed the PCI Security Standards Council (SSC) to address known problems with securing consumer information during payment card transactions. Today, it is critical for all businesses to be in compliance with PCI security standards and guidelines, not just in the name of good business, but to protect consumers and avoid significant consequences.

What Is the PCI Standard?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of regulations designed to standardize and strengthen the means by which consumer data is secured against electronic theft. Compliance with PCI DSS is required to ensure that all businesses that process, store or transmit consumer payment card data operate with secured infrastructures. In addition, the PCI DSS helps to facilitate international standards of data security for all types of business, while also encouraging consumer confidence in payment card transactions.

Who Is Subject to PCI Compliance?

Any business that accepts payment via credit or debit cards is subject to PCI DSS compliance. This includes small businesses, businesses run from consumer homes, businesses that operate through third-party processors, and online-only banks and retailers. Businesses that fail to reach this level of compliance may see their banks fined anywhere from $5,000 to $100,000, an expense which will likely be passed on to the business itself, in addition to bank-imposed penalties or a termination of the bank-merchant relationship.

How Can Businesses Reach Compliance?

The PCI SSC provides the PCI requirement standards as 12 responsibilities within six distinct action groups:

Build and maintain a secured environment.

Protect consumer financial data.

Establish a program for vulnerability maintenance.

Establish restrictive access controls.

Test and maintain security measures.

Adopt an information security policy.

In addition, businesses can implement security measures outside the minimum requirements of PCI compliance that can help keep sensitive consumer and business information secured. These measures include comprehensive end-user identity verification and authentication procedures, among others. Verifying and authenticating consumer identities before proceeding with a transaction can protect your payment systems from unauthorized access and prevent losses incurred through fraudulent transactions.

Electronic Verification Systems, an industry leader with more than 10 years of data provision and fraud prevention experience, specializes in integrating identity verification and authentication procedures into established business security structures. We can help you implement a comprehensive verification program that blends seamlessly into the end-user experience for the very best in security and customer satisfaction.
