What is PCI DSS?

What is PCI DSS?

Christian Damour

Product and Services Manager at FIME

Views 598

What is PCI DSS?

20.06.2019 10:15 am

As worldwide card fraud continues to rise, it is fundamental that the payments industry steps up to the challenge to prevent further data breaches and losses. One of the key elements of keeping data secure is PCI DSS compliance. The security standard has been around for a long time. But, shockingly, not all payments actors take it seriously. So, what is PCI DSS and why is it so important?

Introducing PCI DSS

PCI DSS compliance is a requirement for any entity storing, processing or transmitting customer cardholder data.

Whenever a card payment is made – in-store, online or over the phone – the acceptance and processing infrastructure needs to be secure. To restrict the opportunity for fraud, the major payment brands (American Express, Discover, JCB, Mastercard and Visa) created the Payment Card Industry Data Security Standard – aka, PCI DSS. 

Tackling the technical: why is PCI DSS so important?

Fundamentally, PCI DSS helps to prevent fraud for both consumers and businesses. When thoroughly aligned with the standard’s requirements, the risks of cardholder data being compromised are significantly reduced.

However, the requirements are much more technical than other industry standards. Plus, many companies are not used to managing the myriad areas that need to be controlled across a payment IT infrastructure.

But failure to comply is dangerous, and common. Negative consequences include lost funds, identity theft, financial fines and, crucially, reputational damage. Research fromVerizon in 2018 found that no organization affected by a payment card data breach was in full compliance with the PCI DSS requirements. This is a testament to the need for compliance to be taken more seriously.

Building compliance into your business

PCI DSS aims to pin-point the simple mistakes cyber thieves commonly target, such as weak passwords, misconfigured technologies and uneducated employees.

It may be tempting to just "check the boxes" of compliance. But dedicating the time to do a thorough infrastructure review is vital to protect your business. Responsibility does not just sit with merchants, either. Every entity touched by cardholder data has a role to play in ensuring the security and integrity of their systems to protect cardholder data.

This can be hard to achieve alone. But with the right approach and partner, companies can seek to significantly reduce the scope of its infrastructure that falls under PCI DSS. This in turn reduces the risk, ongoing expense and time of compliance long term. At the same time, it encourages the introduction of new technologies and methodologies to increase efficiency and deliver new innovative value-added services.

Seizing the opportunity

It is true that PCI DSS compliance can be complex, time consuming and expensive. But by not approaching compliance in the right way, your business could put data at risk. It could also exponentially increase the cost and time required to become certified. This is without considering the devastating impact that fraud could have.

By working with a strategic partner, merchants, public transport operators (PTOs), processors and acquirers can turn certification nightmares into business enablers. Utilizing their deep understanding of the ecosystem and the nuances of PCI DSS, the rules can be applied intelligently to reduce the scope of your compliance. This cuts the time and cost investment needed, all while reducing risk. What’s more, the right partner can help you to put new technologies and infrastructure to work, adding value to your business and customers.

Latest blogs

Nish Kotecha and Bryan Foss Independent Director and Visiting Professor Finboot , Bristol Business School

How blockchain could restore trust to the fund management and audit industries

Not too long ago, Neil Woodford was still regularly being heralded as a “superstar” manager and the “Oracle of Oxford”. How different the story is today.  The reasons behind Woodford’s fall from grace have been extensively covered, but can largely Read more »

Scott Fasser Sigma IQ

AI Can Fight Back Office Fires Too - 5 Applications of Machine Learning for Finance, Ops & HR

While consumer-facing applications of machine learning (ML) have gotten most of the attention (think Netflix movie recommendations, Amazon product selection and efficient driving routes in Waze), the back office deserves more Artificial Intelligence Read more »

Alistair Muir Vanteum

Open Banking - Growth Opportunities in Retail Banking

  Access to customer data has been a topic of conversation for many governments around the world in recent years, with many regimes around the world slowly moving towards legislation requiring data to be “opened up” to facilitate data sharing and Read more »

Chris Towner JCRA

Comment - Sterling - what next?

Volatility in the FX markets often hinges on uncertainty. With all the noise surrounding Brexit, which reached a crescendo over the weekend, it is therefore unsurprising that sterling has been subject to significant movements. In the last 10 trading Read more »

Danny Scott CoinCorner

Opera becoming first major browser to enable Bitcoin payments

CoinCorner’s CEO, Danny Scott, commented: “It's great to see a company like Opera getting involved in the cryptocurrency industry. It was actually my browser of choice back in the early 2000s and this innovation may encourage me to move back to them Read more »

Related Blogs

Arnaud Crouzet FIME

Technical challenge or business enabler? Seizing the opportunity of PCI DSS compliance

As data breaches continue to rise globally, protecting the integrity of customer data (especially in the payments world) is vital. Read more »

Free Newsletter Sign-up
+44 (0) 208 819 32 53 +44 (0) 173 261 71 47
Download Our Mobile App
Financial It Youtube channel