What is the PCI Security Council and How Does it Affect Businesses?

As technology advances, more and more businesses are choosing to go online because of advantages such as reduced overhead costs and a global customer reach. However, conducting business online also exposes a company to cyber attacks in the form of malware and hackers who steal company information. Fortunately, the PCI Security Council is determined to protect customers and businesses from such incidents by setting standards that every business handling credit cards should follow. But how exactly does the council affect businesses? Let’s take a look.

The Payment Card Industry (PCI) Security Standards Council was founded on 6th September 2006 by five prominent payment brands, namely Visa, American Express, Discover Financial Services, MasterCard and JCB International. The five brands are also its members, and the council manages the ongoing changes to the PCI DSS (Data Security Standard), a set of 12 requirements against which businesses can measure their payment card security policies and procedures. Although the council drew up these requirements, enforcing compliance is not its responsibility; that task falls to the founding members, acquiring banks and payment service providers.

The standards that the Council expects businesses to comply with are:

  • To protect cardholder data by installing and maintaining a firewall configuration.
  • To not use vendor-supplied defaults for passwords and security parameters.
  • To protect the stored cardholder data.
  • To encrypt cardholder data transmitted across open and public networks.
  • To regularly use and update antivirus software.
  • To develop and maintain secure applications and systems.
  • To assign a unique identification to every person with computer access.
  • To restrict physical access to cardholder data.
  • To track and monitor access to cardholder data and network resources.
  • To test security processes and systems regularly.
  • To maintain policies that address information security.

By complying with the set standards, businesses benefit from:

Increased customer confidence

The minute customers feel that the company they are transacting with is not doing its best to protect their interests, they will walk away and look for an alternative service provider. Confidence in a business results in loyalty, which in turn means high customer traffic and higher sales. It is therefore in the best interest of a business to prove to its customers that it is willing to go to any lengths to protect their credit card information; that way both you and your customers get some peace of mind.

For instance, Zenta, which handles credit card related work for US multinationals, realized that it needed to comply with the PCI DSS. It therefore hired ControlCase, a Qualified Security Assessor recognised by the PCI council, and obtained PCI DSS certification in December 2008.

Secure business data

The PCI Council has guidelines on what data should and should not be stored. These instructions are set out in a document that includes a table detailing which data elements a business may retain and how each must be handled. For example, no company is allowed to store the PIN, the full magnetic stripe (track) data or the CVV2 number. The primary account number (PAN) may be stored, but it must be rendered entirely unreadable wherever it resides, whether on servers or on portable digital storage media. Such precautions set by the PCI council protect the business data against hackers and malware threats.
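As an added illustration (not code from the original article or from any PCI document), the following Python snippet applies the two storage rules just described to a constructed POS record: sensitive authentication data (CVV2, PIN, track data) is dropped before anything is persisted, and the PAN is replaced by a truncated display form plus a keyed HMAC so the number cannot be recovered from storage. It also includes a simple check for leftover track 2 data, the kind of unencrypted stripe data found in the Cisero’s case discussed further down. The HMAC key, field names and record layout are assumptions for the example.

```python
import hashlib
import hmac
import re

# Assumption: in a real deployment this key comes from a key manager / HSM,
# never from source code. Constructed value for the example only.
HMAC_KEY = b"example-key-for-demo-only"

# Sensitive authentication data that PCI DSS forbids storing after authorisation.
PROHIBITED_FIELDS = ("cvv2", "pin", "track1", "track2")

# Track 2 data has the shape ";<PAN>=<YYMM><service code>..." ; matching it
# in stored text is a sign that full stripe data was retained.
TRACK2_RE = re.compile(r";?\d{13,19}=\d{4}\d{3}")


def sanitize_for_storage(record: dict) -> dict:
    """Return a copy of a POS record that is safe to persist.

    Prohibited fields are removed entirely. The PAN is replaced by a masked
    form (first six and last four digits) for display, and a keyed HMAC that
    still allows matching repeat transactions without storing the PAN itself.
    """
    out = {k: v for k, v in record.items() if k.lower() not in PROHIBITED_FIELDS}
    pan = re.sub(r"\D", "", str(record.get("pan", "")))
    if pan:
        out["pan_masked"] = pan[:6] + "*" * (len(pan) - 10) + pan[-4:]
        out["pan_hmac"] = hmac.new(HMAC_KEY, pan.encode(), hashlib.sha256).hexdigest()
        del out["pan"]
    return out


def contains_track_data(blob: str) -> bool:
    """Flag stored text that still carries magnetic-stripe track 2 data."""
    return bool(TRACK2_RE.search(blob))


# Constructed sample capture; 4111... is a well-known test card number.
SAMPLE_RECORD = {
    "pan": "4111 1111 1111 1111",
    "cvv2": "123",
    "pin": "1234",
    "track2": ";4111111111111111=25121010000000000?",
    "amount": "19.99",
}

if __name__ == "__main__":
    print(sanitize_for_storage(SAMPLE_RECORD))
    print(contains_track_data(SAMPLE_RECORD["track2"]))
```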

Lawsuit avoidance

In 2008, Visa notified U.S. Bank that Cisero’s, a popular Italian restaurant, might have a compromised network after credit cards used at the eatery were used for fraudulent purposes elsewhere. Cisero’s hired two audit firms, which discovered that the restaurant’s POS system was indeed storing unencrypted account numbers read from the cards’ magnetic stripes; that in itself contravenes the PCI standards, and the restaurant was fined. When the restaurant failed to pay the entire fine, U.S. Bank sued the owners to recover the remainder; the owners argued in their defence that they should have been informed of the requirements and that the bank should have ensured they complied with them.

Fine and penalties avoidance

As with anything that fails to adhere to rules and regulations, failing to comply with the standards that the PCI Security Standards Council sets results in fines from the credit card companies. The fines and penalties range between $5,000 and $100,000. The amount depends on various factors such as the PCI DSS level the company falls into, its transaction volume, its number of clients and the length of time it has remained non-compliant. The penalties that the payment providers suffer are passed on to the non-compliant company, which strains the relationship between the firm and its bank.

Security standards provision

It is hard to know how to protect your clients if there are no standards against which to measure the efforts you are making. Fortunately, the guidelines that the Council sets give a business a yardstick for continually improving its data protection processes.

Reduction of data breach cost

Companies that have breached the data security standards suffer financial costs that depend on a few factors such as the size of the breach, the payment channel affected, the number of servers and how those servers are interconnected. The firms also incur breach response costs, such as creating a webpage where customers can learn more about the incident. The main cost, however, is any forensic investigation that has to be done, since the organization bears the expense; a Level 1 investigation can run as high as $100,000. Extra costs include card brand promise fees, card re-issuance penalties and lawyer fees, among others.

Conclusion

While most merchants may feel that the standards the PCI Security Council imposes are too many, it is the businesses themselves that benefit from adhering to them. If compliance means that your business avoids severe fines, keeps its customers’ confidence, maintains a good reputation and avoids all the costs related to noncompliance, then the council is there to protect businesses, not to impose additional rules.
