|
PCI-DSS is the new buzzword in payment processing, but with all the information out there, you might be asking yourself some questions about compliance and data security. We're here with some answers.
What is PCI?
PCI-DSS is a set of technical and operational standards designed by the Payment Card Industry Security Standards Council to protect cardholder data. The Council is made up of Visa, Mastercard, Discover, American Express, and JCB.
Why is compliance important?
| • |
A typical data security breach costs a small business merchant between $25,000 - $50,000, but can be much higher depending on how many card numbers were compromised. |
| • |
Non-compliance makes a business vulnerable to fraudulent activity and data breaches. |
| • |
Investigations into data breaches commonly show that businesses who are breached have many PCI DSS violations. |
| • |
92% of cardholder data breaches occur in small business locations. They aren't the breaches we hear about on the news, but they are the most common. |
| • |
Compliance helps protect your business and reputation from financial losses and remediation costs with financial coverage in the event of a data breach. |
| • |
PCI compliance provides fraud protection for you and your customers by creating a business that is safe and confidential for cardholders to use their credit cards. |
| • |
PCI-DSS compliance is mandated by the card associations. The standard is overseen by an independent council of the five major card brands: Visa, MasterCard, American Express, JCB, and Discover. |
| • |
In 2005 at least 152 data disclosure incidents have been disclosed, potentially affecting more than 57.7 million individuals. |
Who needs to become compliant?
Anyone who stores, processes, or transmits cardholder data must adhere to the PCI-DSS in order to continue accepting payment cards.
How do I become compliant with PCI-DSS?
| • |
Elavon has teamed up with a security company, TrustWave, to provide you with a program to become PCI compliant. |
| • |
You will create an online account with TrustKeeper and will complete an online questionnaire about your credit card information security practices. |
| • |
If you process over an Internet connection, either with an IP terminal, a website, or with software on your PC, you will also be required to have your IP address scanned to check for vulnerablilites and malware. |
Where can I go for more information on PCI?
| • |
Visit the website of the PCI Security Council |
| • |
Visa's website includes details on the compliance program |
| • |
Even if you don't use a Merchant Connect account, you can read about compliance here |
| • |
TrustKeeper is the program merchants use to complete the questionnaire and scan | |
