Many people reach for plastic instead of paper when making a purchase, so protecting consumer data is a key part of any business. When the proper precautions aren’t taken, merchants run the risk of a data breach, which can have serious ramifications and negatively impact an organization. This is why the Payment Card Industry Security Standards Council (PCI SSC) developed PCI DSS, which stands for Payment Card Industry Data Security Standard, more than 10 years ago—to make sure businesses are being proactive and taking the necessary steps to keep their software secure.
In order for a business to be PCI compliant, it must meet the six objectives and 12 requirements enacted by the Council. This includes maintaining a secure data storage network and testing it for effectiveness on a regular basis.
Here are four interesting facts every business owner should know about these standards:
1. Being PCI compliant is a requirement—but not all businesses are.
According to the Verizon 2015 PCI Compliance Report—the most recent report discussing such data—“four out of five companies are still failing” to follow the PCI Security Standards. There has been a significant increase over the years, but a substantial number of businesses are still not on board quite yet. Plus, although some businesses manage to become PCI compliant, many of them don’t stay that way. As discussed in the report, “less than a third (28.6%) of companies were found to be still fully compliant less than a year after successful validation.”
2. Noncompliance will cost your business money.
If your business fails to become or stay PCI compliant, you are likely to face several fines and penalties. As a result, adhering to these standards is not only important for security reasons but essential financially, because it will cost you if you don’t. Owning and running a business is an expensive endeavor as it is, so it’s best to follow these requirements in order to avoid unnecessary fines. The PCI SSC states you could lose your ability to accept credit and debit cards from customers as well, jeopardizing the success of your business even more.
3. Most data breaches occur due to weak passwords. PCI DSS offers ways to strengthen your security systems.
The majority of data breaches are successful because they leverage “either stolen and/or weak passwords,” as stated in the 2017 Data Breach Investigations Report by Verizon. This is why the PCI SSC requires businesses to change their security passwords from the vendor-supplied defaults. The organization urges merchants to choose “complex passwords and change them frequently,” especially “after you have outside contractors do hardware, software or POS system installations/upgrades.”
4. The PCI SSC and EMVCo are working together.
In late 2016, it was revealed that the PCI SSC and EMVCo were joining forces to improve the online payment process, making it more secure for consumers. The result of their collaboration is called 3-D Secure 2.0, a messaging protocol that authenticates and validates consumers' cards and is designed to reflect current and future market requirements.
To find out more about 3-D Secure 2.0, visit EMVCo’s website.