What is the PCI Security Council and How Does it Affect Businesses?

As technology advances, more and more businesses are choosing to go online because of advantages such as lower overhead costs and global customer reach. However, conducting business online also exposes a company to cyber attacks, whether in the form of malware or of hackers who steal company information. Fortunately, the PCI Security Council is determined to protect customers and businesses from such incidents by setting standards that every business handling credit cards should follow. But how exactly does the council affect businesses? Let’s take a look.

The Payment Card Industry (PCI) Security Standards Council was founded on 6th September 2006 by five prominent payment brands, namely Visa, American Express, Discover Financial Services, MasterCard and JCB International. The five brands are also its members, and the council manages the ongoing changes to the PCI DSS (Data Security Standard), a set of 12 requirements that businesses can use to gauge their payment card security policies, procedures and guidelines. The council may have drawn up these requirements, but it is not responsible for enforcing compliance; instead, the founding members, acquiring banks and payment service providers are tasked with that responsibility.

The standards that the Council expects businesses to comply with are:

  • To protect cardholder data by installing and maintaining a firewall configuration.
  • To not use vendor-supplied defaults for passwords and security parameters.
  • To protect stored cardholder data.
  • To encrypt cardholder data transmitted across open and public networks.
  • To use and regularly update antivirus software.
  • To develop and maintain secure applications and systems.
  • To assign a unique identifier to every person with computer access.
  • To restrict physical access to cardholder data.
  • To track and monitor all access to cardholder data and network resources.
  • To test security processes and systems regularly.
  • To maintain a policy that addresses information security.

By complying with the set standards, businesses benefit from:

Increased customer confidence

The minute customers feel that the company they are transacting with is not doing its best to protect their interests, they will walk away and look for an alternative service provider. Confidence in a business results in loyalty, which in turn means higher customer traffic and higher sales. It is therefore in a business’s best interest to prove to its customers that it is willing to go to great lengths to protect their credit card information; that way both you and your customers get some peace of mind.

For instance, Zenta, which handles credit card related work for US multinationals, realized that it needed to comply with the PCI DSS. It therefore hired ControlCase, a Qualified Security Assessor recognized by the PCI council, and obtained PCI DSS certification in December 2008.

Secure business data

The PCI Council has guidelines on what data may and may not be stored. Its documentation includes a table detailing which data elements a business may keep and how they must be handled. For example, no company is allowed to store the PIN, the full magnetic stripe data or the CVV2 number. You may store the primary account number, but you must ensure it is entirely unreadable, whether it sits on servers or on portable digital media storage devices. Such precautions set by the PCI council protect business data against hackers and malware threats.
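As an added illustration (example code, not from the article or the PCI Council), the script below applies the storage rules just described to a constructed transaction record: it drops the PIN, CVV2 and track data before anything is written, replaces the full account number with a truncated form plus a keyed hash, and includes an audit helper that flags stored values that still look like raw magnetic-stripe track-2 data. The field names, the sample record and the HMAC key are assumptions chosen for this example; truncation plus a keyed hash is one common way to render a PAN unreadable, not the only one.

```python
import hmac
import hashlib
import re

# Elements the article says must never be stored (assumed field names).
FORBIDDEN_FIELDS = {"pin", "pin_block", "cvv2", "track1", "track2"}
# Loose track-2 shape: PAN, '=' separator, YYMM expiry, more digits.
# Constructed pattern for this example; real swipe data varies by issuer.
TRACK2_RE = re.compile(r";?\d{13,19}=\d{4}\d*\??")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to validate a PAN before it is processed."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def sanitize_for_storage(record: dict, hmac_key: bytes) -> dict:
    """Return a copy of a transaction record that is safe to persist:
    forbidden elements dropped, full PAN replaced by first 6 / last 4
    plus a keyed hash that still allows lookups without the PAN itself."""
    cleaned = {k: v for k, v in record.items() if k.lower() not in FORBIDDEN_FIELDS}
    pan = re.sub(r"\D", "", str(cleaned.pop("pan", "")))
    if not (13 <= len(pan) <= 19) or not luhn_ok(pan):
        raise ValueError("invalid PAN")
    cleaned["pan_truncated"] = pan[:6] + "*" * (len(pan) - 10) + pan[-4:]
    cleaned["pan_hmac"] = hmac.new(hmac_key, pan.encode(), hashlib.sha256).hexdigest()
    return cleaned

def find_stored_track_data(rows: list) -> list:
    """Audit helper: (row index, field) pairs whose value looks like raw
    track-2 data, i.e. what a POS database should never hold at rest."""
    hits = []
    for i, row in enumerate(rows):
        for field, value in row.items():
            if isinstance(value, str) and TRACK2_RE.search(value):
                hits.append((i, field))
    return hits

if __name__ == "__main__":
    # Constructed sample; 4111 1111 1111 1111 is a well-known test PAN.
    raw = {"pan": "4111 1111 1111 1111", "cvv2": "123", "pin": "4321",
           "track2": ";4111111111111111=25121010000000000?", "amount": "42.00"}
    safe = sanitize_for_storage(raw, b"example-key")
    print(safe)
    print(find_stored_track_data([raw, safe]))
```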

Lawsuit avoidance

In 2008, Visa notified U.S. Bank that Cisero’s, a popular Italian restaurant, might have a compromised network after credit cards used at the eatery were later used for fraudulent purchases elsewhere. Cisero’s hired two audit firms, which discovered that the restaurant’s POS system was indeed storing unencrypted account numbers read from the cards’ magnetic stripes; that in itself contravenes the PCI standards, and the restaurant was fined. When the restaurant failed to pay the entire fine, U.S. Bank sued the owners to recover the remainder. The owners defended themselves by arguing that they should have been informed of the requirements and that the bank should have ensured they complied with them.

Fine and penalties avoidance

As with any failure to adhere to rules and regulations, failing to comply with the standards that the PCI Security Standards Council sets results in fines from the credit card companies. The fines and penalties range between $5,000 and $100,000. The amount depends on factors such as the company’s PCI DSS level, its transaction volume, its number of clients and how long it has remained non-compliant. The penalties that the payment providers suffer are passed on to the non-compliant company, which strains the relationship between the firm and its bank.

Security standards provision

It is hard to know how to protect your clients if there are no standards against which to measure the efforts you are making. Fortunately, a business has a yardstick for continually improving its data protection processes by following the guidelines that the Council sets.

Reduction of data breach cost

Companies that have breached the data security standards suffer financial costs that depend on factors such as the size of the breach, the payment channel affected, the number of servers involved and how those servers are interconnected. The firms also incur breach response costs, such as creating a webpage where customers can learn more about the incident. The main cost, however, is usually the forensic investigation, which the organization must pay for; a Level 1 investigation can run as high as $100,000. Extra costs include card brand promise fees, card re-issuance penalties and lawyer fees, among others.

Conclusion

While most merchants may feel that the standards the PCI Security Council imposes are too many, it is the businesses themselves that benefit from adhering to them. If compliance means that your business will not suffer severe fines or lose customer confidence, and will maintain a good reputation and avoid all the costs of noncompliance, then the council is there to protect businesses, not to impose additional rules.
