Credit card fraud is an insidious problem worldwide. It can ruin a consumer’s credit history, bankrupt a company, and erode the trust of both banks and merchants.
There are many ways that credit card fraud can happen – from phishing, to skimming, to BIN (Bank Identification Number) attacks, account takeovers, and even more. Billions are lost each year – not surprising, when you consider that a group of 100 anonymous thieves stole £10 million from 1,400 convenience stores in Tokyo within three hours on a Sunday using the data from just 1,600 South African credit cards.
So it’s more important than ever to be compliant with the PCI DSS. Learn more about the PCI DSS, and how we can help you with compliance.
PCI stands for the Payment Card Industry. This includes all businesses that deal with payments via ATM, debit, credit, prepaid, and point-of-sale (POS) cards. Add the DSS, and it becomes the Payment Card Industry Data Security Standard.
The PCI DSS handles the security protocols for all branded credit cards and other major cards. It is the result of agreements among the PCI SSC, the Payment Card Industry Security Standards Council. Founded in 2006, the PCI SSC is made up of hundreds of financial institutions and merchants, and manages the design, implementation, and updates of the PCI DSS as security threats and technology evolve.
PCI DSS compliance depends on the way your business uses PCI tools. Cardholder information can be stolen from a variety of sources:
Point of sale system
Online payment system
Even a wireless router!
Once you determine how your company’s sensitive information is stored and transmitted, a secure network – with firewalls, security parameters, and encrypted transmission – must be designed, built, and well maintained. This still applies if you take credit card orders by phone – and even if you use third-party processing.
The best practices for the PCI DSS requirements have been in effect since the 1st of February 2018, and must be implemented by all businesses that use PCI tools. Fines range from $5,000 to $100,000 per month for violations.
This means that PCI Security Standards are not a one-time project for your company. And if you’re a small business, it’s simply not enough to have an SSL certificate. Compliance is an ongoing system of assessment, implementation, and reporting that is critical to your reputation and your bottom line.
At 100% Security, we understand that small and medium-sized businesses are not equipped to handle the many steps to PCI DSS compliance. We stand ready to ensure that your company is PCI DSS compliant – now, and in the future.