Logo

Generic selectors
Exact matches only
Search in title
Search in content
Search in posts
Search in pages

WHAT IS PCI DSS?

22/06/2019

Christian Damour, Product and Services Manager – Security at FIME

As worldwide card fraud continues to rise, it is fundamental that the payments industry steps up to the challenge to prevent further data breaches and losses. One of the key elements of keeping data secure is PCI DSS compliance. The security standard has been around for a long time. But, shockingly, not all payments actors take it seriously. So, what is PCI DSS and why is it so important?

Introducing PCI DSS

PCI DSS compliance is a requirement for any entity storing, processing or transmitting customer cardholder data.

Christian Damour

Whenever a card payment is made – in-store, online or over the phone – the acceptance and processing infrastructure needs to be secure. To restrict the opportunity for fraud, the major payment brands (American Express, Discover, JCB, Mastercard and Visa) created the Payment Card Industry Data Security Standard – aka, PCI DSS. 

Tackling the technical: why is PCI DSS so important?

Fundamentally, PCI DSS helps to prevent fraud for both consumers and businesses. When thoroughly aligned with the standard’s requirements, the risks of cardholder data being compromised are significantly reduced.

However, the requirements are much more technical than other industry standards. Plus, many companies are not used to managing the myriad areas that need to be controlled across a payment IT infrastructure.

But failure to comply is dangerous, and common. Negative consequences include lost funds, identity theft, financial fines and, crucially, reputational damage. Research from Verizon in 2018 found that no organization affected by a payment card data breach was in full compliance with the PCI DSS requirements. This is a testament to the need for compliance to be taken more seriously.

Building compliance into your business

PCI DSS aims to pin-point the simple mistakes cyber thieves commonly target, such as weak passwords, misconfigured technologies and uneducated employees.

It may be tempting to just “check the boxes” of compliance. But dedicating the time to do a thorough infrastructure review is vital to protect your business. Responsibility does not just sit with merchants, either. Every entity touched by cardholder data has a role to play in ensuring the security and integrity of their systems to protect cardholder data.

This can be hard to achieve alone. But with the right approach and partner, companies can seek to significantly reduce the scope of its infrastructure that falls under PCI DSS. This in turn reduces the risk, ongoing expense and time of compliance long term. At the same time, it encourages the introduction of new technologies and methodologies to increase efficiency and deliver new innovative value-added services.

Seizing the opportunity

It is true that PCI DSS compliance can be complex, time consuming and expensive. But by not approaching compliance in the right way, your business could put data at risk. It could also exponentially increase the cost and time required to become certified. This is without considering the devastating impact that fraud could have.

By working with a strategic partner, merchants, public transport operators (PTOs), processors and acquirers can turn certification nightmares into business enablers. Utilizing their deep understanding of the ecosystem and the nuances of PCI DSS, the rules can be applied intelligently to reduce the scope of your compliance. This cuts the time and cost investment needed, all while reducing risk. What’s more, the right partner can help you to put new technologies and infrastructure to work, adding value to your business and customers.

To learn more about the challenges and opportunities of achieving PCI DSS compliance, read our eBook.

YOUR COMMENT

Your Comment

Email (will not be published)

Finance Derivative is a global financial and business analysis magazine, published by FM.Publishing. It is a yearly print and online magazine providing broad coverage and analysis of the financial industry, international business and the global economy.

Copyright @ 2018-2019. Finance Derivative. All Right Reserved