[BreachExchange] Why Is PCI Compliance Important for Every Merchant?
Audrey McNeil
audrey at riskbasedsecurity.com
Mon Aug 29 19:57:52 EDT 2016
http://www.business2community.com/strategy/pci-compliance-
important-every-merchant-01639344
PCI compliance is mandatory for every eCommerce merchant that accepts
credit or debit card payments on their website. All information entered by
customers is sensitive data, so it must be well-protected.
The Payment Card Industry Data Security Standard (PCI DSS) provides steps
that all merchants who process card payments, store or transmit credit,
debit, or prepaid card information need to follow to provide secure
transactions. The main purpose of the PCI DSS is to reduce the risk of
debit and credit card data loss. It suggests how this could be prevented,
detected, and how to react if potential data breaches occur. It provides
protection for both merchants and cardholders.
It’s important for customers to know your website is secure. They use their
debit or credit cards to purchase products or services and risk financial
losses. There is also an identity theft problem. The number of frauds in
recent years has grown, so you have to make sure that sensitive data on
your website is protected.
Make data secure with PCI compliance
Merchants store cardholder data and sensitive authentication data on their
websites, so it needs to be secure and kept private. Technology is
developing so fast that there is a growing number of fraud activities and
businesses face many challenges. That’s why every merchant or payment
service provider with card payment solutions must be PCI compliant. Doing
business should be based on trust (between merchants and customers) and PCI
compliance helps improve the level of security.
Becoming PCI compliant is connected with undergoing a PCI auditing
procedure to meet the requirements of the PCI Data Security Standard. It
depends on the amount of processed transactions per year and it is
separated into 4 different levels. Level 1 is for merchants that process
the highest amount per year, and level 4 is for merchants that process the
smallest amount.
Recommended for YouWebcast, August 30th: Real Time Website Personalization:
Advanced Conversion Techniques
PCI compliance applies to both the administrative and technological side of
running a business and is updated regularly. PCI is an ongoing process and
responsibility, so you need to add a security strategy to your business.
Analyze your website and update it regularly to make sure that all
vulnerabilities that could expose cardholder data are fixed.
PCI DSS guidelines include 12 requirements for merchants and payment
processors, grouped into six areas. They are:
Build and maintain a secure network and system
Protect cardholder data
Maintain a vulnerability management program
Implement strong access and control measures
Regularly monitor and test networks
Maintain an information security policy
Businesses of all types, small and large, suffer from data breaches.
Attackers focus on any vulnerabilities. They know the majority of small
businesses don’t have enough protection and many times don’t even implement
basic security solutions. Large players, on the other hand, can afford to
have expensive security.
Eliminate the risk
When you choose a payment gateway such as SecurionPay, you don’t have to be
PCI compliant. The payment provider will take care of this as well as
payments and data security. Even if the information is entered on your
website, it is protected and encrypted by the provider. There are many
things to consider when choosing a payment gateway, but you want to choose
the one with the highest PCI level to make sure payments processed on your
page will be better protected. Make a smart decision and give your
customers peace of mind.
One of the most important recommendations is if you don’t need cardholder
data, don’t store it. Some payment gateways use advanced technologies, such
as tokenization, so you can be certain that sensitive data won’t touch your
server.
When you run an online business, security is a crucial issue. You need to
do everything to decrease the risk of payment and data fraud that could
damage your brand’s reputation. Data breach is a serious problem and it
could cause a loss of sales and customers that will never return to your
site. It also comes with potential financial liabilities such as fines,
penalties, fees or higher costs of compliance in the future.
As you can see, being PCI compliant comes with many benefits. It’s crucial
to your customers’ security and affects your business reputation.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160829/06f7abe3/attachment.html>
More information about the BreachExchange
mailing list