The Payment Card Industry (PCI) consists of all organizations that store, process or transmit cardholder data. The Payment Card Industry Security Standards Council (PCI SSC) is the governing body over the PCI and consists of the major card brands: Visa International, Mastercard Worldwide, Discover Financial Services, American Express, and Japan Credit Bureau (JCB).
Prior to the establishment of the PCI SSC, each major card brand established its own individual security standards in response to credit fraud in the late 1980s and 1990s. The growth of the internet and ecommerce capabilities in the early 2000s resulted in an explosion of card fraud, which was a catalyst for the establishment of a unified approach to card data security by the major card brands. Thus, the PCI SSC was established on Sept 7, 2006. The standards that were put in place, known as PCI Compliance, are now required annually by all organizations involved in the handling, processing, management or storage of cardholder data.
Since 2006, the PCI SSC’s resulting Data Security Standards (PCI DSS) have assisted merchants globally with best practices to better secure customer cardholder data through annual updates to the PCI DSS. With each new iteration of the standards, the PCI SSC addresses changes in risks and technologies to ensure merchants are well equipped to handle all scenarios around data security risks that may affect them.
PCI Compliance is important to us all.
As data breaches increase each year, it is imperative that both merchants and customers perform due diligence to ensure they are not enabling cybercriminal activity. Data breaches increase global economic debt and the cost of doing business for everyone. For many Small and Medium-Sized Business (SMB) organizations, a data breach can mean the loss of revenue, brand reputation and, in many cases, the loss of the business altogether due to all associated costs.
3 out of 4 data breaches involve SMB organizations.
Meeting and maintaining PCI compliance standards for your organization will benefit you in many ways. Through the PCI compliance process, your organization is better educated and equipped with a strong data security foundation. You will learn best practices (based on how you handle and process cardholder data) to ensure you are not an easy target for cybercriminals. Becoming PCI compliant demonstrates your commitment to protect your customers from identity theft and fraud. Perhaps more importantly, PCI compliance is a demonstration of your commitment as a business owner to protect your investments, hard work and brand reputation.
The steps to becoming PCI compliant begin with a willingness to learn, along with an understanding of what PCI compliance is and is not. PCI compliance is not a guarantee that you will never have a data breach, and it is not simply checking a couple of boxes on a few forms. PCI compliance is implementing layers of security that make it increasingly difficult for cybercriminals should they attempt to attack you.