Practically every business must fear, or at least be wary of, the threat of cyberattacks. This is especially true for businesses that process, transmit, or store payment data. It is very likely that your business performs one, if not all three, of those actions. If that is the case, you are required to follow the Payment Card Industry Data Security Standard (PCI DSS). Additionally, it is strongly encouraged that you conduct twice-yearly PCI network segmentation testing.
It is surprising how many businesses ask this question. Sometimes the cost of meeting compliance regulations seems to outweigh the risks. There are fines associated with not meeting the Payment Card Industry (PCI) compliance regulations, but are those fines comparable to the cost of implementing the required cybersecurity controls?
All companies that take or otherwise handle payments via credit card expose themselves and their stakeholders to a range of cybercrime threats. Cardholder information is some of the most sensitive and valuable data an attacker can get hold of. It enables direct theft of the cardholder's assets, as well as a variety of other fraud or extortion schemes.
It is not only merchants that are affected by PCI DSS 4.0; payment facilitators will also need to make changes to their cybersecurity protocols. Payment facilitators (PayFacs) must follow the same procedures as merchants to ensure that personally identifiable information (PII) is secure from breaches.
The existing Payment Card Industry Data Security Standard (PCI DSS) v3.2.1 is still in effect. The new PCI DSS 4.0 standard is not slated to take effect until the end of 2020 at the earliest. Again, the current PCI DSS 4.0 draft is not final, and v3.2.1 remains the standard to follow for compliance today, possibly for some time to come. After the new standard is published on the PCI Security Standards Council website, businesses will also be given a transition period in which to move to the latest version of PCI DSS.
Any company that uses or handles credit or debit card payment information from consumers needs to comply with PCI DSS, short for Payment Card Industry Data Security Standard. The standard covers technical and operational practices for handling cardholder data. Maintaining payment security is becoming more and more crucial as cybercrime grows increasingly prevalent.
Any business or organization that accepts or processes credit and debit cardholder information should already be familiar with PCI DSS v3.2.1. Merchants are expected, and required, to meet this standard, and this has been the case since 2018.
Companies that use and transmit credit and debit card information must meet the Payment Card Industry Data Security Standard (PCI DSS) requirements. The standard was created and is maintained by the Payment Card Industry Security Standards Council (PCI SSC). The council is composed of the five major card brands: Mastercard, Visa, American Express, Discover, and JCB.