PCI DSS Compliance

Credit card fraud is an insidious problem worldwide. It can ruin a consumer’s credit history, bankrupt a company, and erode the trust of both banks and merchants.

There are many ways that credit card fraud can happen – from phishing, to skimming, to BIN (Bank Identification Number) attacks, account takeovers, and even more. Billions are lost each year – not surprising, when you consider that a group of 100 anonymous thieves stole £10 million from 1,400 convenience stores in Tokyo within three hours on a Sunday using the data from just 1,600 South African credit cards.

So it’s more important than ever to be compliant with the PCI DSS. Learn more about the PCI DSS, and how we can help you with compliance.

What is PCI DSS?

PCI stands for the Payment Card Industry. This includes all businesses that deal with payments via ATM, debit, credit, prepaid, and point-of-sale (POS) cards. Add the DSS, and it becomes the Payment Card Industry Data Security Standard.

The PCI DSS sets the security requirements for all branded credit cards and other major payment cards. It is the result of agreements among the members of the PCI SSC, the Payment Card Industry Security Standards Council. Founded in 2006, the PCI SSC comprises hundreds of financial institutions and merchants, and manages the design, implementation, and updates of the PCI DSS as security threats and technology evolve.

How does PCI DSS compliance work?

PCI DSS compliance depends on the way your business uses PCI tools. Cardholder information can be stolen from a variety of sources:

  • Point of sale system
  • Online payment system
  • Cardholder database
  • Card reader
  • Even a wireless router!

Once you determine the storage and transmission of your company’s sensitive information, a secure network – with firewalls, security parameters, and encrypted transmission – must be designed, built, and well maintained. This still applies if you take credit card orders by phone – and even if you use third-party processing.

In addition, the new system has to be monitored regularly and tested for breaches. And your privacy policy must be updated to provide clear information to cardholders, so that they know the protocols you have in place, as well as their rights.

What does PCI DSS compliance mean for my company?

The current PCI DSS best-practice requirements have been in effect since the 1st of February 2018, and must be implemented by all businesses that use PCI tools. Fines range from $5,000 to $100,000 per month for violations.

This means that PCI Security Standards are not a one-time project for your company. And if you’re a small business, it’s not simply enough to have an SSL certificate. It’s an ongoing system of assessment, implementation, and reporting that is critical to your reputation and your bottom line.

At 100% Security, we understand that small and medium-sized businesses are not equipped to handle the many steps to PCI DSS compliance. We stand ready to ensure that your company is PCI DSS compliant – now, and in the future.

VIRTUAL (C)ISO

We offer outsourcing of the Chief Information Security Officer role within your organization.

We will take care of all your Information Security Management System requirements and obligations allowing you to focus on your core business goals.

Are you ready for GDPR?

GDPR Checklist

  • Raise Awareness
  • Perform a data audit
  • Communicate Clearly to Data Subjects
  • Consider the Purpose of Data Collection
  • Understand Data Subjects' Rights
  • Provide Data Portability
  • Conduct Data Protection Impact Assessments
  • Adhere to Data Processing Systems and Security by Design
  • Create or Refine Reactive Policies
  • Have a Point of Contact
  • Get Accredited

Contact us today for more information on how we can make your company PCI DSS compliant.