3 Reasons Why It’s Important to be PCI Compliant
Most of us have heard about PCI Compliance. While we understand that it has to do with protecting credit card information, you may wonder how it applies to you.
First, let’s talk about what it is. PCI DSS stands for Payment Card Industry Data Security Standard and is a series of 12 requirements that serve as a baseline for securing and protecting credit card information. The PCI Council is the governing body that maintains and enforces these standards. Its advisors are made up of the major card brands. Several other stakeholders from around the world are part of the council too, including banks, payment processors, and retailers.
This is all fine and good, but how does it apply to you? Well, anyone that handles or processes credit cards needs to comply with the PCI Standards. Since processing payments is at the heart of your business, it’s important that you follow these standards and your technology or business partners do as well. To that end, below are three specific reasons why it’s important to be PCI compliant.
- It’s a requirement. While the PCI Council is not the federal government, it does enforce the standards worldwide. As mentioned above, anyone that handles or processes credit cards is required to be PCI compliant. As such, it’s vital that the technology or business partner that provides these services for you is PCI compliant, to help protect you, your business, and your members.
- It protects your business. As part of enforcement, the PCI Council can levy fines for lack of compliance. Having a PCI compliant business partner helps you comply with the standards and avoid non-compliance fines. Additionally, there are things you should be doing if you store credit card information outside of your vendors’ or partners’ systems. As one example, if you have paper copies of signed agreements that have credit card information on them, they should be stored in a locked room or locked filing cabinet that few people have access to. When the time comes to dispose of the agreements, they should be securely destroyed by cross-cut shredding. This can typically be done by working with a local vendor who supplies those services and will provide a certificate of secure document shredding.
- It protects your members. Facebook has been in the news lately for its challenges with protecting personal information. There have been other news stories over the years regarding data breaches as well: Equifax, Target, TJ Maxx, Sony, and the list goes on. Working with someone who is PCI compliant helps you protect your members’ sensitive data and billing information. The PCI standards provide a baseline for credit card information protection that can and should be used to protect all of your members’ personal information.
In the end, you need to be aware of the PCI standards and work with your business or technology partners to make sure they are PCI compliant. They should also be able to provide you with some direction on initiatives you can take to protect your business and your members. Data security is a big job, and it takes all of us working together to protect ourselves and those we serve.
Ryan Taylor – Director of IT