
PCI Compliance Basics

To say that credit card and identity theft is on the rise is to make a bit of an understatement. Every year hackers swipe hundreds of thousands, possibly even millions, of credit card numbers and account holder information profiles from a variety of online sources. The financial cost of their crimes easily runs into the hundreds of millions of dollars without even breaking a sweat.

Unfortunately, the brunt of this crime spree falls on thousands of innocent cardholders whose only mistake was sharing their credit card information with a legitimate merchant who was then hacked himself. Once that information is in the hands of criminals, they’ll brazenly sell it on secured electronic marketplaces in batches of tens of thousands.

To combat this scourge, merchants and governments have worked together to create a set of security standards that give these honest businessmen and women a fighting chance against hackers and organized crime. Known as the Payment Card Industry Data Security Standard (PCI DSS), these guidelines provide a framework of best practices that keep sensitive financial information out of the hands of hackers.

Storing Sensitive Data
One of the biggest problems facing any merchant who hopes to do business online is simply how to securely store customers’ personally identifiable information. This effort is especially challenging because securely encrypting a point-of-purchase terminal (and the other stops in the payment chain) is next to impossible.

At the same time, customers need that extra level of protection and credit card companies and online retail biggies are more than happy to be giving it to them. What most merchants won’t be able to do is implement the standards all on their own. In order to keep up with, and hopefully ahead of, the hacker gangs that rule the internet, merchants will almost certainly need to hire outside consultants in order to make their systems PCI compliant.

Who Needs PCI?
The PCI standards were introduced in 2000 and apply to virtually every business that accepts credit cards as a form of payment. Which level of compliance you need to meet depends largely on how many credit card transactions you process each year.

There are four specific levels of compliance with Level 4 applying to businesses that do fewer than 20,000 card transactions a year. The top level, Level 1, applies to businesses that do more than one million card transactions a year.

Getting compliant is a long process, but there are plenty of easily accessible online resources and consultants. Even if you’re not going to be doing the behind-the-scenes security work yourself, we still encourage you to familiarize yourself with the standards. This is a project you definitely don’t want to mess up.

Finally
Though some merchants may balk at the thought of spending precious time and money getting PCI compliant, they really shouldn’t. These standards are their best hope of protecting their assets, and their customers’ assets, from serious economic devastation.
