PCI Compliance: What Is It and What Does It Mean

Payment Card Industry (PCI) compliance is adherence to a set of specific security standards that were developed to protect cardholder information during and after a financial transaction. If your business accepts credit cards, then the requirements apply to you.

PCI compliance specifies 6 major requirements:

  1. Transactions must take place in a maintained and secured network
  2. Cardholder information must be protected and encrypted if being transmitted through public networks
  3. Systems must be protected by using frequently updated anti-virus, spyware, and malware software
  4. System access must be restricted and controlled
  5. Networks must be constantly monitored and regularly tested to ensure effectiveness of all security measures
  6. A formal information security policy must be defined, maintained, and followed at all times

As you may have read in our previous blog, Upcoming Changes to Credit Card Processing, on October 1st, 2015 all merchants accepting credit cards must use EMV (Europay MasterCard Visa) readers to accept the new cards, which use embedded chips to hold data. This authorization technology is now being introduced to the U.S. in an effort to increase data security. As a result, the burden of fraudulent activity during card-present transactions will now fall to the party that is least EMV compliant.
But beware: being EMV compliant will not make you PCI compliant. Though EMV technology works well in combating fraud, there are still several responsibilities a merchant must take action on in order to protect his or her customers and business. Learn more about this powerful combination.

As prime targets for hackers, small businesses must be up to date on the requirements. Non-compliance can result in termination of your right to accept payment cards as well as expenses such as a forensic investigation, fines to your acquiring bank which are then passed on to you, time and money towards implementing secure transaction technology and processes, and lost clientele. Take note of these industry statistics:

  • 96% of breached businesses were not PCI compliant
  • 98% of attacks originate from elaborate organized-crime groups
  • 269 average days pass between network intrusion and detection
  • 70% of breached businesses close their doors within one year of an attack
  • $80,000 is the average cost of a breach
  • 1 in 6 businesses will suffer a credit card breach in the next 24 months

Protection is needed because any business can be vulnerable to a cyber attack. Contact your credit card processor to develop a strategy to achieve and maintain PCI compliance. If you’d like to read more on the guidelines, or would like to learn the specific compliance requirements for your card brand(s), visit PCISS.org.