“PCI” stands for “payment card industry,” commonly associated with the longer-named Payment Card Industry Data Security Standard (PCI DSS). This is a set of rules that outlines the accepted security standards for credit and debit cards, whether they’re used online or in person.
The last thing anyone wants is to become a victim of fraud. Losing hard-earned money to a nefarious or ill-equipped website is still a fear for many Americans. In fact, in a survey on fraud in online shopping conducted by Paysafe, a leading global payments provider, researchers found that 59 percent of Americans believe fraud to be an inevitable part of online shopping.
Certainly then, ensuring customers feel secure when making any payments using credit cards is crucial to company success. Another survey on security measures conducted by Lost in Translation indicated that 71 percent of consumers are “open to the introduction of more secure payment processes such as two-factor authentication.”
It’s all about the plastic.
Even though we have more alternative electronic payment options than ever before, Americans prefer the credit card over any other payment mechanism. This means it’s relatively simple for businesses to charge their customers online and get paid using one of a variety of payment gateways — all they have to do is move information from one place to another to collect their revenue, and the internet makes this a simple task.
But this convenience simultaneously presents an obstacle: that data needs to be moved and stored safely. It should be accessible only to authorized entities, and it should be kept far out of reach of malicious third parties. While online card payments enable an entirely new era of transacting, they also come with their own set of liabilities that can leave customer financial data vulnerable and a business’s reputation on the line.
This means your company, whether large or small, needs to be on the forefront of PCI compliance. A PCI compliance audit is an essential tool for helping you get there.
A white belt in karate throws different kicks than a black belt. A chess master plays different openings than someone who just learned the rules of the game yesterday. There are levels to everything, and PCI compliance is no exception.
PCI (payment card industry) compliance refers to the standards that companies have to stick to in order to process payment information online. These best practices are collectively known as the Payment Card Industry Data Security Standard (PCI DSS), which was created by the PCI Security Standards Council (PCI SSC). It works to increase controls and protection around cardholder data while simultaneously reducing credit card fraud, so it’s always in a company’s interest to pursue this kind of compliance.
Is Stripe PCI Compliant? If you implement it properly, the answer is yes, Stripe is completely PCI compliant!
Stripe is a popular platform that makes it easy for businesses to accept credit and debit cards over the internet quickly and securely. Ridesharing company Lyft uses Stripe to power its payment solution for 700,000 drivers around the world, and that’s just one company. This payment service moves billions of dollars a year and is used by tens of thousands of companies around the world, from small scrappy startups to established Fortune 500s.
You don’t become a leading plug-and-play payment solution provider by accident. You do it by making it quick and painless for companies to accept credit card payments at scale. It’s not always easy for companies to meet the stringent security standards for processing online payments, let alone other personally identifiable information like birthdays and addresses. Achieving that on their own requires a lot of technical expertise, expensive hardware, and active attention.
Wherever people are legally transacting money for goods, there are going to be bad guys in search of a score. It’s just the unfortunate reality of our world increasingly moving to the internet for its needs — wherever the good guys go to transact and do business, the bad guys will follow them in an effort to manipulate and rip off.
As the American e-commerce industry grew by 14.2% in 2018 to total more than $517 billion in transactions, you can be sure that cybercriminals are at work to con people out of their money and personally identifiable information. Consumers can take certain steps to establish their own security, but they must fundamentally share some of this information in order to complete transactions online. They can’t be responsible for protecting information that they necessarily part with.
The burden to protect this information — we’re talking about credit card numbers, security codes, and the like — lies with the businesses that process it. The best of these businesses pursue PCI compliance because they know that it’s an important feather in their cap for retaining consumer trust and pushing back against any would-be cybercriminals.
Businesses that don’t know where they stand on the PCI compliance front need only conduct a vulnerability scan to find out.
RSI Security’s first-ever PCI Expert Summit is in the books, and we couldn’t be happier about how things turned out!
On October 2nd we were joined by four speakers, a number of sponsors, an expert panel, and over 70 attendees to begin the process of building a strong, vibrant PCI compliance community in the Southern California area. The event took place at the beautiful Marina Village Conference Center in San Diego.
“I found the event to be very informative. It was also nice to be around other folks I’ve worked with previously but haven’t actually met in person. It was definitely worth the time coming down for what I hope to be the first of many future RSI Summits,” said Gurpal Singh, head of compliance at Finix Payments.
Just as professional athletes or motorists pay fines when they break certain rules, the same applies to companies doing business online. But the rules governing these companies’ behavior go beyond “unsportsmanlike conduct” or “following the speed limit.” When they collect and process payment information for debit and credit cards, they must adhere to a number of rules in the process. If they break those rules, then they’re on the line to pay a penalty for it.
If it’s expensive to ignore the rules, why are an increasing number of companies doing so? Verizon’s 2018 Payment Security Report reveals a drop in PCI compliance, the set of standards that companies have to stick to in order to process payment information online. Where 55.4 percent of companies were compliant in 2017, that number shrank to 52.5 percent in 2018. Chalk it up to lack of awareness or other shortcomings, but companies leave themselves and their customers exposed to bad actors when they shun this kind of compliance.
Beyond merely leaving themselves and their customers vulnerable to data breaches and cyberattacks, this decreased regard for the best practices for collecting payment card data and other personally identifiable information leaves these companies on the hook for noncompliance fees. It might not be as exciting or interesting as a professional athlete paying a fine to his or her commission for uttering an expletive during a game, but it can still be just as expensive.