Businesses that accept payment cards are required to be Payment Card Industry Data Security Standard (PCI DSS) compliant. Compliance is mandatory for any business that accepts payment cards. Even if a business only takes payment over the phone, uses a third party for all payment processing services and doesn’t retain any cardholder data, PCI DSS applies.
The business must assess its security against the PCI DSS requirements on an annual basis and maintain compliance with the standard at all times.
There are consequences if a business does not achieve and maintain PCI DSS compliance.
During the period of non-compliance it may be liable for damages that result from a cardholder data compromise.
Costs in the event of a data breach may include fines levied by its acquirer, increased compliance costs (as PCI DSS validation then requires a full onsite Security Assessment) and consultancy costs for forensic assessments and remediation.
Other consequences of a data breach may include reputational damage, loss of customers, loss of sales, damage to partner or peer relationships, legal costs, fines and insurance claims.
The process of achieving and maintaining compliance with the PCI Data Security Standard is an ongoing cycle with three distinct steps: Assess, Remediate and Report. In the following video ‘Getting started with PCI DSS’ we analyse the three steps in detail. For further information on PCI DSS compliance and what it is, watch our video ‘Just what is PCI DSS?’