PCI (or Payment Card Industry) Compliance refers to the security standards that businesses who accept credit cards must follow. Any business, from startup to franchise, must follow these regulations to ensure the safety of their consumers' privacy and financial data. Failure to follow this code can result in loss of patronage, and even lawsuits. Learning how and why you should make sure your business PCI compliant can save you and your customers from dangerous security breaches.
"PCI Compliant" refers to the twelve steps necessary to facilitate and maintain secure data storage standards, as defined by the PCI Security Standards Council. These are as follows:
- Installing and maintaining a firewall.
- Changing factory preset passwords and usernames on terminals and storage devices.
- Protecting stored data.
- Encrypting transmissions over public networks.
- Maintaining updated and relevant anti-virus applications.
- Developing and maintaining secure systems.
- Restricting cardholder data to limited access.
- Assigning personal sign-in information for everyone using computers.
- Restricting physical access to cardholder information.
- Monitoring network resources.
- Regularly testing security systems.
- Maintaining a PCI Compliance policy within company personnel.
Even if your business isn't PCI Compliant, your methods of transferring, storing, and accessing your customers' credit card data may still be safe, hence, why the term used is "compliant". However, not using a compliant host for your data can open up a doorway for hackers who look for easy loopholes in your data's security. The regulations are there to protect both companies and cardholders, alike, and are not subject to interpretation or misuse.
The penalties for not being PCI Compliant and suffering a security breach can be devastating to a company's reputation, chasing customers and investors away with even a rumor of lax security. In addition to being sued and fined by companies who issue credit cards, a security breach can result in being investigated by the government, and the expense behind recuperating from a data security breach is steep.