Some of the most frequent questions we get relate to PCI compliance, that is, the Payment Card Industry Data Security Standard (PCI DSS). This month we share some important information from our friends at Elavon:
Businesses that keep data security practices up-to-date and top-of-mind reduce the risk of falling victim to some of the most common types of fraud and data breaches.
Your first line of defense is validating compliance with the Payment Card Industry Data Security Standard (PCI DSS). Businesses large and small are obligated to validate compliance with the standard annually. Validation confirms that basic security requirements and best practices are in place to process, store and transmit debit and credit card data responsibly.
Criminals have discovered that many small businesses have not implemented or maintained the basic security practices required by the PCI DSS. As a result, attackers increasingly seek to compromise small merchant environments through targeted attacks, which often go undetected for long periods because the business does little or no monitoring of its payment environment.
Establishing and maintaining PCI compliance
To establish and maintain PCI DSS compliance, there are 12 requirements, grouped under six goals, that every business must meet when accessing and processing cardholder data. Plus, validation of compliance is required on an annual basis. If you are unsure where to start, or your validation has lapsed, Elavon support teams can help you get back on track.
Validating (and remaining) PCI DSS compliant carries a range of costs. What you can expect to pay depends on your merchant level, which is determined by variables such as the size, location and nature of your organization; the number of card transactions you accept annually; and how you capture and authorize card payments (e.g., in person, online, by telephone). While you may not be thrilled to absorb yet one more operational fee, the potential financial loss and reputational damage from fraud far outweigh any routine PCI program fees.
As a best practice, you should continuously enforce and monitor the PCI DSS controls you have established. A startling 27.9 percent of PCI DSS validated small businesses do not maintain all the controls they originally put in place, which contributes heavily to the most common fraud and data breaches seen today.1
PCI DSS validation only reflects a single point in time. As your business evolves (training, policies, processes, points of sale, technology), so must your payment data security precautions. That is why it is critical to keep up with periodic reviews and re-validate your compliance in a timely manner.
While data security is a complex problem, it does not need to be complicated. Elavon has solutions to help make PCI DSS validation easier and a team that can help you identify and navigate the issues that have kept you from establishing or remaining compliant.