PAYMENT CARD INDUSTRY (PCI) FAQ

What is PCI DSS (Payment Card Industry Data Security Standards)? A set of requirements, founded by Amex, Discover, JCB, MasterCard and Visa, to facilitate industry-wide adoption of consistent data security measures on a global basis. It provides best practices for enhancing payment account data security.

Why does my business need to be PCI Compliant? You help protect your business by reducing the risk of a costly breach of your customers’ payment card data. Payment card brands (Amex, Discover, JCB, MasterCard and Visa) mandate that all businesses processing payment cards must be compliant.

Once my business validates PCI-DSS compliance, does that prevent a security breach from happening? No. It helps prevent security breaches and loss of cardholder data but does not provide a guarantee to your business. Also, similar to the regularly required updates to anti-virus and firewall software, data security is continually subject to new threats.

What happens to my business if I am not PCI Compliant? If you do not comply with the security requirements contained within PCI-DSS as mandated by the payment card networks, you put your organization at risk of a payment card compromise.

In the event that your business is compromised, you may also be subject to additional fines, fees, and assessments by the card brands. You may also lose your credit card acceptance privileges.

What am I required to do to validate PCI compliance? The minimum requirement for a PCI Level 4 business is to complete a PCI-DSS Self-Assessment Questionnaire (SAQ) on an annual basis and achieve a passing status.

November 17th, 2016 by