Compliance Standards

Wherever people are legally transacting money for goods, there are going to be bad guys in search of a score. It’s just the unfortunate reality of our world increasingly moving to the internet for its needs — wherever the good guys go to transact and do business, the bad guys will follow them in an effort to manipulate and rip off.

As the American e-commerce industry grew by 14.2% in 2018 to total more than $517 billion in transactions, you can be sure that cybercriminals are at work to con people out of their money and personally identifiable information. Consumers can take certain steps to establish their own security, but they must fundamentally share some of this information in order to complete transactions online. They can’t be responsible for protecting information that they necessarily part with.

The burden to protect this information — we’re talking about credit card numbers, security codes, and the like — lies with the businesses that process it. The best of these businesses pursue PCI compliance because they know that it’s an important feather in their cap for retaining consumer trust and pushing back against any would-be cybercriminals.

For those businesses that don’t know where they stand on the PCI compliance front, they only need to conduct a vulnerability scan.

Just as professional athletes or motorists pay fines when they break certain rules, the same applies to companies doing business online. But the rules governing these companies’ behavior goes beyond “unsportsmanlike conduct” or “following the speed limit.” When they collect and process payment information for debit and credit cards, they must adhere to a number of rules in the process. If they break those rules, then they’re on the line to pay a penalty for it.

If it’s expensive to ignore the rules, why are an increased number of companies doing so? Verizon’s 2018 Payment Security Report reveals a drop in PCI compliance, which are the standards that companies have to stick to in order to process payment information online. Where 55.4 percent of companies were compliant in 2017, that number shrank to 52.5 percent in 2018. Chalk it up to lack of awareness or other shortcomings, but companies leave themselves and their customers exposed to bad actors when they shun this kind of compliance.

Beyond merely leaving themselves and their customers vulnerable to data breaches and cyberattacks, this decreased regard for the best practices pertaining to collecting payment card data and other personally identifiable information leaves these companies on the hook for noncompliance fees. It might not be as exciting or interesting as a professional athlete paying his or her commission for uttering an expletive during a game, but it can still be just as expensive.

“PCI compliance” might sound boring and technical, but it’s a major focal point for any business that handles online credit or debit card payments. In 2019, that’s most businesses! 

The internet has completely changed the way we shop and transact — where we used to go to brick and mortar stores in order to spend cash or swipe a card in exchange for the goods we want, this entire experience can now happen from the comfort of your home.

In times of widespread concern about cyberattacks and phishing attempts, it turns out that there’s a clear roadmap to protect your business from malicious hackers — your business only needs to pursue PCI compliance. But what is this term, and what is it all about?

Payment card industry (PCI) compliance refers to the standards that companies have to stick to in order to process payment information online. These best practices are collectively known as the Payment Card Industry Data Security Standard (PCI DSS), and they were created by the PCI Security Standards Council (PCI SSC). This set of best practices works to increase controls and protection around cardholder data while simultaneously reducing credit card fraud.

Just as you might see homes advertising the security systems they’ve installed (“protected by Brinks,” for example), PCI compliance is a similar demonstration that a company has taken steps to protect its systems and infrastructure. When you make your business PCI compliant, it represents major progress toward protecting your customers from data breaches and protecting your business against cyberattacks. It’s completely in your interest if your company processes payments online.