What is PCI DSS and why should you comply with it? The Payment Card Industry Data Security Standard (PCI DSS) is a set of security requirements, maintained by the PCI Security Standards Council and enforced through the card brands and acquiring banks, for anyone who stores, processes or transmits cardholder data. The EMV chip in your credit card is one measure against fraud; it protects the card itself at the point of sale. PCI DSS is another, arguably more important, measure: it protects the card data once it is inside a merchant's systems. No matter who you are or what you do, if you accept card payments you are responsible for complying with PCI DSS. Technologies change and so does the standard written for them; are you compliant?
Everyone Is Responsible
One common misconception about PCI DSS compliance is that only large merchants need to stay on top of it. Whether you process 1 or 1,000 transactions a year, there is a validation path written for your type of business. Even if you take payments through a third-party processor such as Stripe or Square, you still have obligations: outsourcing shrinks the scope of your cardholder data environment, but it does not remove your responsibility for the parts you control, such as the website that sends customers to the payment page. And if a service provider you rely on is not itself compliant, that is a problem for you, so ask for its Attestation of Compliance before you depend on it.
Responsibility under PCI DSS is rarely all one party's: your agreement with your acquirer makes you accountable for your own environment, and your service providers are accountable for theirs. That is why the standard expects you to keep a written record of which requirements each provider covers and which remain yours.
Four Merchant Levels
Each card brand assigns merchants a level from 1 to 4 based on annual transaction volume, and the level decides how compliance must be validated. Level 1, the highest volume (for Visa, more than 6 million transactions a year), requires an annual on-site assessment and Report on Compliance by a Qualified Security Assessor (QSA) or a qualified internal assessor, plus quarterly external scans. Lower levels validate with an annual Self-Assessment Questionnaire (SAQ), signed as an Attestation of Compliance, and quarterly external scans where the SAQ requires them. Which SAQ you fill in depends on how you take payments, so a merchant that fully outsources card handling answers far fewer questions than one that stores card data itself. The requirements themselves are the same at every level; only the way you prove you meet them differs. Regardless of what your acquirer requires of you, staying on top of your PCI DSS compliance is a boon for both your company and its customers.
PCI Compliant Companies Can Still Be Breached
If a PCI compliant company can still be breached, what's the point? Compliance is a baseline, not a guarantee, and it is validated at a point in time: a merchant can pass its assessment in January and be misconfigured by June. Attackers are patient and well resourced, and a determined one may still find a way in. Compliance still makes a breach far less likely, for a few reasons. First, the standard requires ongoing work throughout the year, such as quarterly vulnerability scans, timely patching and daily log review, which shortens the window in which a known weakness stays exposed. Second, the required controls, such as network segmentation, encryption of stored card data and restricted access to it, mean that even a successful intrusion is less likely to reach usable card data. Compliant companies also make harder targets because they tend to be more secure than non-compliant ones, and many attackers simply move on to softer ones.
ASV Scans Are Just The Beginning
An ASV scan is one component of PCI DSS compliance, but there is more to it than that. An ASV scan is a quarterly external vulnerability scan of your internet-facing systems, run by an Approved Scanning Vendor from the PCI Security Standards Council's list; it covers part of the vulnerability-scanning requirement and nothing else. Because it is cheap and easy to arrange, a passing scan tricks some companies into thinking they are PCI DSS compliant when they have only started the process. Compliance also requires the SAQ, in which you attest, requirement by requirement and under signature, that the controls are in place; the ASV scan is evidence for only a few of those answers. Answer it honestly: a signed attestation that turns out to be false will count heavily against you after a breach.
Are you PCI DSS compliant? It sounds scarier than it really is, but failing to keep your practices current could result in a catastrophe for your company. Stay up-to-date and stay out of trouble by keeping in mind the above four facts about becoming PCI DSS compliant.