“The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment.” – PCI DSS Website.
These standards deal not only with how business personnel handle customers’ information but also with the requirements for, and use of, digital information systems and technology. The digital storage and transmission of credit card information is more complex and difficult to secure than most believe. With even big companies getting hacked in the news, you know that the threat is serious. As a matter of fact, small to medium-sized businesses are at a higher risk of being targeted by hackers than larger corporations, since hackers know their IT security is generally much less developed.
While PCI DSS is not a law and is not governed or enforced by governments or law enforcement, businesses anywhere in the world that do not follow the standards and are found non-compliant may be fined by the credit card providers and processors themselves, and/or have their ability to accept credit card payments suspended or revoked. So, especially when combined with the losses associated with a successful hack or other breach, the consequences of non-compliance can be devastating to any organization.
So, does this apply to you? Even if you don’t store credit card info, if your organization accepts credit or debit card payments, PCI compliance is a must, regardless of the size of your business. For those who use third-party processors to store and process the info for them, becoming compliant is simpler, but no matter what, you must comply with all applicable standards even if you only process one credit card transaction per year.
Movaci employs PCI-certified Payment Card Industry Professionals (PCIPs) and PCI-certified Internal Security Assessors (ISAs) who perform detailed PCI DSS compliance audits and consulting services. Let us know if you need help with IT security and PCI DSS compliance for your organization.