What is PCI DSS Compliance? Why does it matter?
Think about it: would you feel comfortable letting a stranger write down all your credit card details? You would want to know that they were stored safely and not being misused by anyone.
With HTTPS now the default expectation in every major browser, it is important for eCommerce businesses to look at the standard for handling card data that consumers, and the card brands, expect them to meet.
What is PCI DSS Compliance?
In a nutshell, the Payment Card Industry Data Security Standard (PCI DSS) is the security standard for any organization that stores, processes, or transmits cardholder data for the major card brands: Visa, MasterCard, Discover, American Express and JCB.
The card brands themselves first published PCI DSS in December 2004 as a way to reduce card fraud, and in 2006 they created the independent Payment Card Industry Security Standards Council (PCI SSC) to maintain the standard and oversee its supporting programs. Compliance is a contractual obligation rather than a law: it is enforced through the agreements merchants sign with their acquiring bank and, through it, with the card brands.
The twelve requirements of PCI DSS
According to the PCI Security Standards Council, the standard is organized into 12 requirements, each with detailed sub-requirements, that you must meet and be able to demonstrate:
- Install and maintain a firewall configuration to protect cardholder data
- Do not use vendor-supplied defaults for system passwords and other security parameters
- Protect stored cardholder data
- Encrypt transmission of cardholder data across open, public networks
- Use and regularly update anti-virus software or programs
- Develop and maintain secure systems and applications
- Restrict access to cardholder data by business need-to-know
- Assign a unique ID to each person with computer access
- Restrict physical access to cardholder data
- Track and monitor all access to network resources and cardholder data
- Regularly test security systems and processes
- Maintain a policy that addresses information security for employees and contractors
Using a PCI-validated third-party payment processor, ideally one whose hosted payment page or embedded payment form means card data never touches your own servers, removes most of these requirements from your scope, but it does not remove your responsibility. You still have to protect the web pages that redirect to or embed the payment form (an attacker who can alter them can skim card numbers before they ever reach the processor), manage your relationship with the processor, maintain an information security policy, and validate your compliance each year, typically with the self-assessment questionnaire (SAQ) that matches how you accept cards.
Even if you run a small business, it is important to name a team member who owns PCI DSS compliance, reviews these requirements regularly and keeps the evidence that you are meeting them.
Does PCI Compliance matter for small business?
Taking a single card payment is the equivalent of a customer handing you the keys to their safe. If your business doesn't handle those 'keys' safely and they fall into the wrong hands, your customers will blame you just as much as whoever commits the fraud.
This is why, regardless of the size of your business, if you accept credit or debit cards PCI DSS compliance is a must. The amount of validation work (the merchant 'level' your acquirer assigns you) scales with transaction volume, but the obligation to comply does not: you must meet every applicable requirement even if you process only one card transaction per year, and a breach at a non-compliant merchant can bring fines from the acquirer and the loss of the ability to accept cards at all.
As more commerce moves online, the trust a customer places in your business is essential. If customers feel their information is not secure, that alone can be reason enough not to buy from you.
Maintaining PCI DSS compliance shows that you take that trust seriously and handle eCommerce transactions professionally.