Digital payments, including card payments, are widely used because of the conveniences they offer: no cash handling, credit, tracking of purchases and expenses, and so on. However, the loss of card data is a serious threat that affects cardholders, merchants, and payment banks alike. Though this has been a deterrent, card payment is here to stay. Any merchant who accepts card payments is responsible for protecting card and cardholder data, and the way to do that is to ensure PCI DSS compliance.
What is PCI DSS?
The Payment Card Industry Security Standards Council (PCI SSC) is a global open body that promotes the Payment Card Industry Security Standards. American Express, Discover Financial Services, JCB International, MasterCard, and Visa Inc. are the five founding members of the council. This global organization maintains, evolves, and promotes the PCI standards for the safety of cardholder data.
Securing payment data is necessary for every entity that stores, processes, or transmits cardholder data. The PCI Data Security Standard (PCI DSS) provides the guidance for maintaining payment security: it sets the technical and operational requirements for organizations that accept or process payment transactions. The council also publishes standards for those who supply payment devices and applications, such as device manufacturers and software developers.
What is PCI Compliance?
Adhering to the PCI DSS requirements set by the PCI SSC is how an enterprise or merchant achieves PCI compliance. However, enforcement of PCI DSS and the determination of non-compliance penalties are handled by the payment brands, not by the council.
The need for PCI DSS Compliance
Ensuring the security of cardholder data is critical. Loss or theft of this data affects the customers, merchants, and financial institutions involved in processing it. Customers will use their cards for payments only if they are confident that their card data is secure. If that trust is lost, they will stop performing card transactions, card payments will become redundant, and the whole industry will collapse.
Cash transactions carry their own risks and are not the preferred mode of payment. However, if cardholders experience a compromise of their card data and suffer misuse of it, they will try to avoid card payments altogether.
There are many PCI DSS requirements, and the enterprise or merchant must ascertain which ones they have to comply with. Notably, they should build and maintain a secure network. Preferably, they should not store any cardholder data at all; if they must, they have to take adequate security measures to protect it. They should have a system for managing vulnerabilities: keeping their operating systems updated and regularly patched, and running a robust antivirus application that effectively keeps malware out.
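As an added illustration of the "do not store cardholder data" point above (example code, not from the original article or from the PCI SSC), the following Python scans constructed application log lines for primary account numbers that should never have been written to disk, confirms candidates with the Luhn check, and masks them to the commonly applied "first six, last four" form. The regex, the sample log lines, and the function names are assumptions made for this example.

```python
import re

# Candidate PAN: 13 to 19 digits, optionally separated by single spaces or
# dashes, and not embedded in a longer digit run.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn mod-10 check."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask_pan(digits: str) -> str:
    """Keep the first six and last four digits; replace the rest with '*'."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

def scrub_line(line: str):
    """Mask Luhn-valid PANs in one log line; return (scrubbed_line, masked_pans).

    Luhn cuts false positives (order ids, timestamps) but does not remove them
    entirely, so findings should be reviewed before declaring a log clean.
    """
    found = []
    def repl(match):
        raw = match.group(0)
        digits = re.sub(r"[ -]", "", raw)
        if not luhn_valid(digits):
            return raw                      # e.g. an order id that merely looks like a PAN
        masked = mask_pan(digits)
        found.append(masked)
        return masked
    return PAN_CANDIDATE.sub(repl, line), found

# Constructed sample log lines (not real transactions); 4111... and 5555...
# are the well-known Visa/Mastercard test numbers.
SAMPLE_LOG = [
    "2024-01-15 10:22:33 checkout order=1234567890123 card=4111 1111 1111 1111 status=approved",
    "2024-01-15 10:22:34 refund card=5555-5555-5555-4444 amount=12.50",
    "2024-01-15 10:22:35 lookup txn=9999999999999999 ok",
]

def scrub_log(lines):
    """Scrub every line; return (scrubbed_lines, total number of PANs masked)."""
    scrubbed, total = [], 0
    for line in lines:
        clean, found = scrub_line(line)
        scrubbed.append(clean)
        total += len(found)
    return scrubbed, total

if __name__ == "__main__":
    for line in scrub_log(SAMPLE_LOG)[0]:
        print(line)
```

A non-zero count from such a scan is evidence that cardholder data is being stored where it should not be, which is the situation the requirement above tells merchants to avoid.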
Ensuring PCI compliance is needed now more than ever because of the increasing number of malicious attacks on Point of Sale (POS) devices and networks. Cyber criminals have been very successful at exploiting vulnerabilities in less secure POS networks to steal and misuse cardholder data, causing significant losses to both merchants and users.