Crab Alert – Payment Card Industry Data Security Standards (PCI DSS)

These technical and operational requirements set by the PCI Security Standards Council are designed to protect cardholder data.

The Council is responsible for managing the security standards, while compliance is enforced by the founding members of the Council: American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc.

The standards apply to all businesses that store, process or transmit cardholder data. A merchant who accepts or processes payment cards must comply.

Each payment card brand has defined specific requirements for compliance validation and reporting, such as provisions for performing self-assessments and when to engage a Qualified Security Assessor. The Self-Assessment Questionnaire is a validation tool for eligible organisations that self-assess their compliance and are not required to submit a Report on Compliance.

Non-compliance may make a business liable for fines. Ultimately the business may be prevented from accepting payments by card. There are considerable Card Scheme fines associated with non-compliance following a data compromise; these can range from ten to hundreds of thousands of pounds.

Fraudsters target the weak links in the payment chain to steal payment data (card numbers and card security codes) and customers' personal information (names, addresses, phone numbers, email, date of birth etc.) for the purpose of committing fraud. A business suspected of suffering a data compromise may be required to engage with a PCI Forensic Investigator and close any compliance gaps. If evidence of a compromise is established, the business will be liable for the costs of the investigation, which can run into £1,000s.

Reputational damage is also a consideration. Loss of card data is likely to lead to loss of customer confidence and willingness to do business.

How Can Crimson Crab Help?

We offer a variety of solutions to help businesses with their compliance responsibilities.

If you need more help then please get in touch…

Crimson Crabs wave for ethical, legal and responsible trading. Telephone 02392637190 or email enquiries@crimsoncrab.net.