What is PCI DSS?

What is PCI DSS?

Christian Damour

Product and Services Manager at FIME

Views 310

What is PCI DSS?

20.06.2019 10:15 am

As worldwide card fraud continues to rise, it is fundamental that the payments industry steps up to the challenge to prevent further data breaches and losses. One of the key elements of keeping data secure is PCI DSS compliance. The security standard has been around for a long time. But, shockingly, not all payments actors take it seriously. So, what is PCI DSS and why is it so important?

Introducing PCI DSS

PCI DSS compliance is a requirement for any entity storing, processing or transmitting customer cardholder data.

Whenever a card payment is made – in-store, online or over the phone – the acceptance and processing infrastructure needs to be secure. To restrict the opportunity for fraud, the major payment brands (American Express, Discover, JCB, Mastercard and Visa) created the Payment Card Industry Data Security Standard – aka, PCI DSS. 

Tackling the technical: why is PCI DSS so important?

Fundamentally, PCI DSS helps to prevent fraud for both consumers and businesses. When thoroughly aligned with the standard’s requirements, the risks of cardholder data being compromised are significantly reduced.

However, the requirements are much more technical than other industry standards. Plus, many companies are not used to managing the myriad areas that need to be controlled across a payment IT infrastructure.

But failure to comply is dangerous, and common. Negative consequences include lost funds, identity theft, financial fines and, crucially, reputational damage. Research fromVerizon in 2018 found that no organization affected by a payment card data breach was in full compliance with the PCI DSS requirements. This is a testament to the need for compliance to be taken more seriously.

Building compliance into your business

PCI DSS aims to pin-point the simple mistakes cyber thieves commonly target, such as weak passwords, misconfigured technologies and uneducated employees.

It may be tempting to just "check the boxes" of compliance. But dedicating the time to do a thorough infrastructure review is vital to protect your business. Responsibility does not just sit with merchants, either. Every entity touched by cardholder data has a role to play in ensuring the security and integrity of their systems to protect cardholder data.

This can be hard to achieve alone. But with the right approach and partner, companies can seek to significantly reduce the scope of its infrastructure that falls under PCI DSS. This in turn reduces the risk, ongoing expense and time of compliance long term. At the same time, it encourages the introduction of new technologies and methodologies to increase efficiency and deliver new innovative value-added services.

Seizing the opportunity

It is true that PCI DSS compliance can be complex, time consuming and expensive. But by not approaching compliance in the right way, your business could put data at risk. It could also exponentially increase the cost and time required to become certified. This is without considering the devastating impact that fraud could have.

By working with a strategic partner, merchants, public transport operators (PTOs), processors and acquirers can turn certification nightmares into business enablers. Utilizing their deep understanding of the ecosystem and the nuances of PCI DSS, the rules can be applied intelligently to reduce the scope of your compliance. This cuts the time and cost investment needed, all while reducing risk. What’s more, the right partner can help you to put new technologies and infrastructure to work, adding value to your business and customers.

Latest blogs

David Orme IDEX Biometrics ASA

Weary eyes and fictitious faces: why fingerprints are best for biometric authentication

Biometric technology is already revolutionising both physical and cyber-security in the UK. While the latest breakthroughs are impressive, we’re only just touching the tip of the iceberg. Regardless of which method we’re using – whether it is Read more »

Tom Kellermann Carbon Black

Governance, Risk and Compliance - Enacting Proactive Risk Management

In the highly regulated industries of finance, healthcare and energy, a focus on governance, risk and compliance (GRC) is crucial to effectively combat a cybersecurity breach. Unfortunately, when considering international data sharing, this can Read more »

James Daniels FIME

Key takeaways from MWC Shanghai and Seamless Asia

At the end of last month, two major technology events took place in Asia. The first was Seamless Asia, which focused on the future of finance and commerce. The second, MWC Shanghai, centred around ‘Intelligent Connectivity’ – bringing together Read more »

Henry Balani Encompass Corporation

KYC Solutions Provider Encompass Corporation Comments on FCA Anti-Money Laundering Annual Report 2018/19

From this report, it is clear that the FCA is taking real action across the board when it comes to tackling money laundering. It is important to note the focus on Capital Markets. Given the reputation of London as a major financial centre, this is Read more »

Aditya Arora Teleperformance DIBS

How can financial institutions keep the human touch despite the ever growing wave of automation?

The past decade has welcomed an era of rapidly evolving and innovative technology, launching the race for automation and use of Artificial Intelligence across verticals in order to streamline processes and ease tasks for its employees and customers Read more »

Free Newsletter Sign-up
+44 (0) 208 819 32 53 +44 (0) 173 261 71 47
Download Our Mobile App
Financial It Youtube channel