
What is PCI-DSS?

Written by Sarah Reynolds on . Posted in Information & Resources

From Kuala Lumpur to Rio de Janeiro, businesses are coming to understand the importance of being PCI-DSS compliant. Whitakerbrothers.com wants to prove to consumers that it cares about the security of its consumers’ credit information by explaining why it continually strives to be PCI-DSS compliant.

PCI: Payment Card Industry; DSS: Data Security Standards

With cyber security breaches and data theft becoming ever more common these days, businesses have started to band together to prevent unauthorized access to consumer information. By making your business PCI-DSS compliant, you help enforce data security standards for all businesses by making securing consumer credit card data, well, the standard.

What is PCI-DSS compliance and why should I worry about it?

A business is PCI-DSS compliant when it follows a list of 12 guidelines concerning the use and storage of credit card information. A summarized list of those guidelines is linked here. Non-compliance results in fines levied by credit card companies, consumers and even the government.

Why should businesses be compliant?

It is a business’s responsibility to look after the credit card data it receives. Displaying PCI-DSS compliance shows consumers that the business can be trusted. Consumers need not worry that their information will fall victim to credit card fraud.

Who is responsible for creating and updating the data security standards?

PCI Security Standards Council is the body that makes sure data security standards are up to date. Not only this, it offers courses all around the world, from Rio de Janeiro to Kuala Lumpur, for businesses who want to become PCI-DSS compliant. The council also offers a list of registered PCI compliance instructors and assessors.

Why was the council created?

In 2006 a group of the major credit card companies (Visa, Mastercard, American Express, Discover and JCB) decided it was time to be unified in protecting customer data. Collectively, these five companies are referred to as PCI: Payment Card Industry. Together these companies created the PCI Security Standards Council to develop a customer data security standard for all companies, big and small.

What are the consequences of non-compliance?

Non-compliance can result in lawsuits, government fines, cancelled accounts, payment card issuer fines and insurance claims. Plus, a business can lose the confidence of not only its consumers, but also its essential partners.

How might the Data Security Standards (DSS) change in the future?

Soon, the way consumers pay for things will require a major change in the DSS. Right now, most consumers in the U.S. pay for items using the black magnetic stripe on the back of their credit cards.


This method of communicating consumer information, otherwise known as the “swipe and sign” method, makes it easy for another person to steal the card and use it. For PCI, this method necessitates higher security standards for businesses that accept information this way.

Businesses in the U.S. are slowly transitioning from the magnetic stripe method to the chip method of payment, which is already commonly used throughout Europe. The “chip and PIN” method is a much more secure way of communicating customer data, but the transition will require PCI to scrutinize chip readers and the businesses that use them to make sure that no one takes advantage of the new system.

Though generally safer than the swipe-and-sign method, the chip-and-PIN method presents potential security risks at ATMs. Currently, PINs for non-chip cards are stored in a central location and cannot be changed other than by contacting the bank by phone. With chip-and-PIN cards, cardholders have the option of changing their PIN at their local ATM. Securing thousands of ATM locations may prove to be much more difficult than securing several centralized locations.

Ever-changing technology ensures the PCI collaboration on data security standards will never become obsolete. PCI will perpetually update its standards for new machines and new transaction methods, and businesses are also responsible for keeping up to date. Becoming PCI compliant isn’t a one-time affair, but rather a continual effort to ensure that consumers can conduct credit transactions without the fear of having their data stolen.

According to the FACT Act of 2003, all credit card companies are required by law to dispose of hard-copy consumer credit information by “burning, pulverizing or shredding”. For shredders that meet FACT Act standards, try these strip-cut, cross-cut or high-security shredders. Need to destroy credit cards and USB drives too? Try these machines on for size.


Sarah Reynolds

Multilingual shredder enthusiast.