What does the Payment Card Industry Data Security Standard Mean for Your Business?
September 08, 2014
If your business accepts credit cards, make sure you know how to keep your customers' information secure.
The Payment Card Industry Data Security Standard (PCI DSS) is a set of standards that establishes and enforces security requirements for customers, businesses and service providers. It was developed by the Payment Card Industry Security Standards Council (PCI SSC), which includes American Express, MasterCard Worldwide, Visa International, Discover Financial Services and JCB International. In other words, PCI SSC gives your business a plan for preventing data breaches. These are also the standards that all companies accepting, processing or storing card data must adhere to. Failure to comply can have enormous financial implications for the business in the event of a card breach. There are four levels of compliance to which a payment card accepting business may be subject. The standards become more stringent as a business accepts or stores more payment card data in the course of its operations.
Businesses are vulnerable to cyber security breaches because they often fail to meet the requirements placed upon them by the PCI DSS. If cardholder data is stolen, your business may be responsible for the tremendous damages that can follow. Credit card data that has been breached can lead to fraudulent purchases and extensive card re-issuance expenses, all of which can fall on your business. Your customers' data can become compromised in several ways: through the credit card reader you use, filing cabinets that hold private customer information, breaches of payment system databases or other innovative means contrived by hackers. As a result of a data breach, your business can face fines, lose the ability to accept payment cards, lose sales, face legal costs, be subjected to higher credit card usage fees or even potentially go out of business. According to the 2013 Symantec Internet Security Threat Report, two-thirds of all businesses that experienced a data breach went out of business within six months.
Sample steps from the Payment Card Industry Security Standards Council on securing customer data:
- Buy and use only approved PIN entry devices as your point-of-sale system.
- Use only legitimate payment software at your point-of-sale.
- Do not store sensitive cardholder data on computer systems or on paper unless it is essential.
- Use a firewall on your company network and PCs.
- Make sure your wireless network is password protected and encrypted.
- Use strong passwords and change default passwords on all hardware and software.
- Check point-of-sale systems and PCs for rogue software or hardware.
- Educate employees about protecting cardholder data.
Protecting your data is extremely important. For additional insight on making sure your data is secured, read about the latest tool being used to gain access to customer credit card information. The contents of this article and the linked materials do not offer legal, business or insurance advice related to the needs of any specific individual business. Hiscox Small Business Insurance is underwritten by Chicago-based Hiscox Insurance Company Inc., which is rated ‘A’ (Excellent) by A.M. Best Company. Additional information can be found on the Why Choose Hiscox? page. Coverages are subject to underwriting and may not be available in all states.