Payment Card Industry Data Security Standard Compliance (PCI DSS)

Data Breaches

15/03/2019

Credit cards have become an established item in our personal inventory whenever we leave the house. Large bundles of cash have been replaced by a small and convenient card that fits neatly into our purses and wallets. Credit cards have not only removed the inconvenience of cash but have also improved on it from the perspective of security. Instead of writing off lost cash to bad fortune, perhaps because it fell out of our pockets or was stolen, credit cards offer the option of being cancelled and put out of use when misplaced.

Credit cards offer us full access to our bank accounts at our fingertips wherever we are, whilst maintaining the security of withdrawing it from the safety of a bank itself.

With all these advantages over traditional cash, what are the potential risks associated with this efficient new method of payment?

Credit card data theft is a very real and extremely common problem for cardholders, so it falls to the credit card companies to enforce strict rules on the use and storage of this data.

The large credit card companies (American Express, Discover Financial Services, JCB International, MasterCard and Visa Inc.) all came together in 2006 to create a set of rules for credit card compliance. The motivation for the creation of this regulation was to standardise the requirements for the safe use and storage of card data. The Payment Card Industry Data Security Standard (PCI DSS) came about as a result of this collaboration. This set of regulations sets out rules for organisations to adhere to in order to maintain a consistent level of data security for credit card information.

All organisations that store and process credit card information have a duty of care to the individuals whose data they store. The PCI DSS sets out formal requirements for these organisations to make sure that they are not taking any risks with their customers' data.

The incentive to maintain compliance is the avoidance of heavy fines and penalties imposed upon organisations that are found to be non-compliant. This financial penalty, coupled with the associated damage to a business's reputation, could prove extremely detrimental to an organisation's success. For these reasons, it is in the best interests of financial organisations to constantly strive to achieve and maintain PCI compliance in a world where data is constantly at risk.

The PCI DSS council must ensure that organisations are held accountable if they do not take the utmost care with the cardholder data that they store. The motivation for these organisations is the threat of being fined, in some cases very heavily. If such an organisation is investigated and found not to be PCI compliant, it could face penalties ranging from as low as five thousand USD up to as much as one hundred thousand USD in severe cases. The fines are calculated based on the level of non-compliance, and the guilty organisation can be fined continuously for months until it achieves PCI compliance.

Organisations that wish to maintain this high standard must constantly innovate with the methods and technologies they use to store and process cardholder information. Assuming that your organisation is compliant because it has passed a single inspection is a slippery slope to falling back into the non-compliance bracket. The tools used to breach data are improving at a rapid rate, and attackers are constantly innovating to find new ways to steal it. Cardholder data is very valuable as it is a direct link to an individual's finances. Organisations need to constantly future-proof their networks against these threats and test for weaknesses wherever they may arise.

The attitude towards PCI compliance must be one of a constant desire to improve and test your network to make sure that it is secure. There is no easy fix for achieving compliance; it must become a part of everyday business practice and be a company-wide initiative.

Niall Rooney
Copyright © 2019 Ground Labs Pte Ltd – All rights reserved