Payment Card Industry Data Security Standard (PCI DSS)
Protecting your customers, securing the industry
PCI DSS is a set of 12 requirements designed to secure and protect customer payment data. Most security breaches could be avoided if merchants:
- Remove sensitive authentication data and limit data retention
- Protect the perimeter, internal and wireless networks
- Secure applications
- Protect through monitoring and access control
Setting the standard for security
To date, criminals have stolen millions of customer card records, leaving the industry facing the increasing threat of data theft.
That's why card payment companies joined forces to create the Payment Card Industry Data Security Standard (PCI DSS) with the aim of safeguarding sensitive card data.
By implementing the standards, businesses are protected against:
Communication Shutdown
Businesses that rely heavily on the internet are financially vulnerable to any loss of connectivity. This threat can be reduced and even prevented by building and maintaining a secure network that's protected by one or more firewalls.
Account Tampering
Installing up-to-date antivirus software to help resist Trojans and other malicious software protects data that's been entered, stored, processed and maintained by merchants.
Identity Theft
By protecting and encrypting cardholder data that's in transit across public networks, private details such as name, address, account number and expiry date are kept hidden.
Internal Theft
By using secure internal access controls, businesses and service providers can protect cardholder data from dishonest insiders and external fraudsters.
Website Tampering
To prevent 'defacement', where a slight alteration of a website's data entry forms deceives customers into revealing sensitive data, companies must ensure their network is adequately protected.
Ghost Attacks
Constant monitoring of activity prevents critical log and audit information from being tampered with or erased, and allows attacks to be traced back to their source.
Legal Entanglements
With correct measures in place, businesses can avoid having illegal pornography or pirate movies copied onto their business computers.
Does PCI Apply To You?
If you store, process or transmit any cardholder data electronically or manually, then your business needs to comply.
You're allowed to store primary account numbers, cardholder names, service code and expiry dates, provided they're protected in line with PCI DSS requirements.
You're not allowed to store the following; if you are, you must remedy the oversight immediately:
- Full magnetic stripe – track 2
- CVC2/CVV2/CID
- PIN/PIN block
- Sensitive authentication data, even if encrypted
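The storage rule above, as an added example (not Unified Payments' code): a record sanitizer that drops the forbidden sensitive authentication data before persisting, truncates the PAN, and rejects the record outright if track-2 or card-verification values have leaked into a free-text field. Field names, the track-2 regular expression (based on the ISO/IEC 7813 `;PAN=YYMM...?` layout) and the sample record are assumptions constructed for the example.

```python
import re

# Cardholder data PCI DSS lets a merchant retain after authorisation, if protected.
RETAINABLE_CARD_FIELDS = {"pan", "cardholder_name", "service_code", "expiry"}
# Non-card fields this (hypothetical) merchant also needs; everything else is dropped
# to limit retention.
OTHER_ALLOWED_FIELDS = {"amount", "merchant_ref"}
# Sensitive authentication data (SAD): never stored, even encrypted.
SAD_FIELDS = {"track2", "cvv2", "pin_block"}

# Track-2 shape: optional ';' sentinel, 13-19 digit PAN, '=', YYMM, 3-digit service code,
# discretionary digits, optional '?' end sentinel.
TRACK2_RE = re.compile(r";?\d{13,19}=\d{7}\d*\??")
# A 3-4 digit group introduced by a card-verification label inside free text.
CVV_TEXT_RE = re.compile(r"\b(?:cvv2?|cvc2?|cid)\D{0,5}\d{3,4}\b", re.IGNORECASE)


class SensitiveDataError(ValueError):
    """Raised when a record would persist data PCI DSS forbids storing."""


def contains_sad(text: str) -> bool:
    """True if the text carries embedded track-2 data or a labelled CVV/CVC value."""
    return bool(TRACK2_RE.search(text) or CVV_TEXT_RE.search(text))


def truncate_pan(pan: str) -> str:
    """Keep first six and last four digits; truncation is one accepted way to
    render a stored PAN unreadable."""
    digits = re.sub(r"\D", "", pan)
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def prepare_for_storage(record: dict) -> dict:
    """Return the subset of the record that may be written to persistent storage."""
    # Scan every field first: SAD leaking into a note or raw log line is a
    # storage violation even when the dedicated SAD fields are dropped below.
    for key, value in record.items():
        if key not in SAD_FIELDS and contains_sad(str(value)):
            raise SensitiveDataError(f"field {key!r} contains sensitive authentication data")
    stored = {}
    for key, value in record.items():
        if key in SAD_FIELDS:
            continue  # track 2, CVV2, PIN block: discard, never persist
        if key in RETAINABLE_CARD_FIELDS or key in OTHER_ALLOWED_FIELDS:
            stored[key] = truncate_pan(value) if key == "pan" else value
    return stored
```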
Why your business needs to comply
At Unified Payments, it's our duty to regularly report to VISA and MasterCard, letting them know the status of merchants' compliance with PCI DSS. Based on these reports, they select businesses to investigate, with those found to be non-compliant facing fines and fraud costs.
That's why complying with PCI DSS should be seen as an insurance policy, protecting your business from the financial costs of failing to secure card data.
Furthermore, working towards compliance helps improve your processes, allowing you to operate more securely.
If you have any questions regarding PCI compliance and your responsibilities, please contact a Unified Payments representative at info@unifiedpayments.com.