Q.  What are PCI’s Data Security Standards (DSS)?

A.   A common set of industry tools and measurements to ensure the safe handling of sensitive information.  DSS was initially created by aligning Visa’s Account Information Security (AIS)/Cardholder Information Security (CISP) programs with MasterCard’s Site Data Protection (SDP) program.  This provides a framework for developing a robust account data security process – including prevention, detection and reaction to security incidents.

Q.  Why comply with PCI’s DSS?

A.  Your systems are secure, and customers can trust you with sensitive payment card information.  Your customers have confidence in doing business with you, are more likely to be repeat customers, and are likely to recommend you to other merchants, as well.  Compliance also improves your reputation with acquirers and payment brands – American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc.

Q.  What are the consequences if I do not comply with DSS?

A.  Compromised data negatively affects consumers, merchants, and financial institutions.  A single incident can damage your reputation and your ability to conduct business effectively for many years.  Account data breaches can lead to loss of sales, relationships and standing in your community. Possible negative consequences also include:

  • Lawsuits
  • Insurance claims
  • Cancelled accounts
  • Payment card issuer fines
  • Government fines

Q.  Does the PCI Security Standards Council enforce compliance?

A.   No, the PCI Security Standards Council does not replace the individual brands’ compliance programs. The individual participating payment brands separately determine what entities must be compliant, including any brand-specific enforcement programs.

Q.  How do I get started?

A.  If you accept payment cards, you are required to be compliant with the PCI Data Security Standard. You can find your exact compliance requirements only from your payment brand or acquirer.  CHIPD can better educate you on what you will need to become and remain compliant.  Some beginning steps you’ll want to take are:

  1. Assess — identify cardholder data, take an inventory of your IT assets and business processes for payment card processing, and analyze them for vulnerabilities that could expose cardholder data.
  2. Remediate — fix vulnerabilities and do not store any cardholder data unless it’s through a PCI DSS compliant gateway.
  3. Report — compile and submit required remediation validation records (if applicable), and submit compliance reports to the acquiring bank and card brands you do business with.

Compliance is an ongoing process, which helps to prevent security breaches and theft of payment card data today and moving forward.  The PCI Security Standards Council continually monitors threats as data compromise becomes more sophisticated, and works to improve the PCI Security Standards and to train security professionals.

When you stay compliant, you are part of the bigger solution. If you have any questions or concerns regarding PCI Compliance, please contact your merchant service provider or contact us.