If you accept credit card payments, you’re likely familiar with PCI compliance and what it entails. If you accept credit card payments, or are considering it, and are NOT familiar with PCI compliance, be sure to take accurate notes on the information that follows as it relates to PCI non-compliance fines and penalties.
Created in 2004 by the five global payment brands — Visa, Mastercard, American Express, Discover and JCB — the Payment Card Industry Data Security Standard (PCI DSS) is a security compliance requirement for businesses that handle credit cards. It was created to protect customer and cardholder data from cyber attacks and fraud.
To become PCI compliant, businesses must adhere to strict policies and procedures in order to protect cardholder data, analyze security vulnerabilities, and remediate any issues that may occur while storing data. Compliance is an ongoing process: businesses are required to submit any remediation records as necessary, and to submit compliance reports to banks and credit card companies for continuing validation.
The latest version (PCI DSS 3.0) takes effect on July 1st of 2015 and raises the bar even more for security standards, with requirements like unique authentication for third parties/contractors and a new methodology for penetration testing.
Failure to become PCI compliant can have a huge negative impact on your business in several ways:
If your business is hit by a data breach and it involves customer payment information due to PCI non-compliance, any or all of the above consequences can burn your business straight to the ground. The sad and shocking truth is that while many businesses are initially PCI compliant, only 11% of them maintain compliance between assessments.
PCI compliance doesn’t have to be difficult. A little work up front will pay dividends. SiteLock® can help you get a better understanding of PCI compliance and help your business comply in minutes with its simplified questionnaires, avoid fees with easy reporting tools, and keep customer data safe with the PCI-certified TrueShield web application firewall. To avoid PCI non-compliance fines and penalties, learn more about SiteLock PCI Compliance for your business.