What is PCI compliance and why does it matter?


If you own an online shop, bank online or use credit and debit cards, there is a very good chance that you have heard the term "PCI compliant." However, you probably don't know what it means.


The term "PCI compliant" is heard more and more these days as data breaches at merchants such as the large American retail company TJ Maxx land hundreds of thousands of card details in the hands of criminals. These criminals are using the data to make purchases and withdraw money from the accounts of unsuspecting victims.


It's a huge and growing problem. More than 80% of data stolen in breaches is payment card data, according to the '2009 Verizon Business Data Breach Report'.


Who is the PCI Security Standards Council?


The PCI Security Standards Council is an open global forum, launched in 2006, that is responsible for the development, management, education, and awareness of the PCI Security Standards, including the Data Security Standard (DSS), the Payment Application Data Security Standard (PA-DSS), and the PIN-Entry Device (PED) Requirements.


What is the standard exactly?


PCI stands for Payment Card Industry, and the standard is the PCI Data Security Standard. It's a set of 12 specific requirements that cover six different goals. It's very prescriptive: it says not only that you need to be secure, but it tells you how to become secure. It's more about security than compliance. The goals are things like:

• Build and maintain a secure network

• Protect cardholder data

• Regularly monitor and test the networks


What if I don't want to become PCI compliant?


If you decide not to become compliant, you can still open an account with us. However, if you are not compliant with the Payment Card Industry Data Security Standard (PCI DSS), you will be responsible for any losses through fraud, and may also face considerable fines. Your customers will suffer if their card details are compromised, and your business reputation will suffer as a result.

Taking responsibility for PCI compliance forms part of your merchant Terms & Conditions.

If a merchant is found to be not PCI compliant, what are the consequences?


90% of consumers don't understand the difference between credit card fraud and identity theft. If they hear that their credit card has been stolen, many of them believe their identity is at risk. If that's the case, many of your customers won't shop with you anymore because they are afraid you are not protecting their data and someone is going to steal their identity. That's the worst thing that can happen: the biggest problem would be if your customers walk away. There is also reputational damage to deal with, which 9 times out of 10 cannot be measured in terms of money.


What part of the standard is mandatory and what is voluntary?


It's all mandatory. Nothing is voluntary. The rule is: if you store, process, or transmit credit card data, you must be compliant with the PCI standards. And that's a global rule.


How do I become compliant?


You can become compliant by using an assessor.


Isn't this just another way of getting more money out of businesses?


Not at all. This is for the benefit of all concerned. 80% of all online fraud occurs using stolen or misused payment details.