Christian Damour, Product and Services Manager – Security at FIME
As worldwide card fraud continues to rise, it is fundamental that the payments industry steps up to the challenge to prevent further data breaches and losses. One of the key elements of keeping data secure is PCI DSS compliance. The security standard has been around for a long time. But, shockingly, not all payments actors take it seriously. So, what is PCI DSS and why is it so important?
Introducing PCI DSS
PCI DSS compliance is a requirement for any entity storing, processing or transmitting customer cardholder data.
Whenever a card payment is made – in-store, online or over the phone – the acceptance and processing infrastructure needs to be secure. To restrict the opportunity for fraud, the major payment brands (American Express, Discover, JCB, Mastercard and Visa) created the Payment Card Industry Data Security Standard – aka, PCI DSS.
Tackling the technical: why is PCI DSS so important?
Fundamentally, PCI DSS helps to prevent fraud for both consumers and businesses. When thoroughly aligned with the standard’s requirements, the risks of cardholder data being compromised are significantly reduced.
However, the requirements are much more technical than other industry standards. Plus, many companies are not used to managing the myriad areas that need to be controlled across a payment IT infrastructure.
But failure to comply is dangerous, and common. Negative consequences include lost funds, identity theft, financial fines and, crucially, reputational damage. Research from Verizon in 2018 found that no organization affected by a payment card data breach was in full compliance with the PCI DSS requirements. This is a testament to the need for compliance to be taken more seriously.
Building compliance into your business
PCI DSS aims to pin-point the simple mistakes cyber thieves commonly target, such as weak passwords, misconfigured technologies and uneducated employees.
It may be tempting to just “check the boxes” of compliance. But dedicating the time to do a thorough infrastructure review is vital to protect your business. Responsibility does not just sit with merchants, either. Every entity touched by cardholder data has a role to play in ensuring the security and integrity of their systems to protect cardholder data.
This can be hard to achieve alone. But with the right approach and partner, companies can seek to significantly reduce the scope of its infrastructure that falls under PCI DSS. This in turn reduces the risk, ongoing expense and time of compliance long term. At the same time, it encourages the introduction of new technologies and methodologies to increase efficiency and deliver new innovative value-added services.
Seizing the opportunity
It is true that PCI DSS compliance can be complex, time consuming and expensive. But by not approaching compliance in the right way, your business could put data at risk. It could also exponentially increase the cost and time required to become certified. This is without considering the devastating impact that fraud could have.
By working with a strategic partner, merchants, public transport operators (PTOs), processors and acquirers can turn certification nightmares into business enablers. Utilizing their deep understanding of the ecosystem and the nuances of PCI DSS, the rules can be applied intelligently to reduce the scope of your compliance. This cuts the time and cost investment needed, all while reducing risk. What’s more, the right partner can help you to put new technologies and infrastructure to work, adding value to your business and customers.
To learn more about the challenges and opportunities of achieving PCI DSS compliance, read our eBook.