Non-compliance can be a costly oversight, as fines are likely to be imposed by the card schemes, via their acquiring banks, on merchants who fail to meet the required standard. Breaches of data security are potentially damaging to the reputation of an organisation. A change in EU data privacy law, when implemented in individual states, will require the publication of all individual data breaches, shining a spotlight on organisations which have failed to protect customer data to the required level.
What Is PCI DSS?
The PCI Data Security Standard (PCI DSS) includes twelve requirements, which cover secure networks, protecting data, access control measures, information security, and monitoring and testing.
Its overarching aim is that cardholder data is protected and that authentication data is not stored anywhere on the company’s systems.
Compliance is enforced by regular audits, carried out either by a professional Qualified Security Assessor (QSA), by an Internal Security Assessor (ISA), or by internal compliance personnel.