Taking PCI DSS Compliance Seriously


years now credit card companies have been emphasizing the need for PCI DSS compliance – a set of rules designed to ensure a high level of security for sensitive credit card information. Nevertheless, many companies have put off implementing proper safety procedures.

Why, then, not traders postpone this? Further study of PCI DSS (Payment Card Industry Data Security Standard) shows that it does not really need anything so inconceivable that it would surprise the merchant in this day and age. These requirements do, in fact, the interests of the merchant in mind. Yet studies have shown that companies are not to be compliant as quickly as could be expected.

What would it take for traders to start taking PCI DSS compliance seriously?

Apparently recent history is not enough. In 2005, the famous incident involving TJX Companies Inc. The company recently revealed that they become very large security breach. From July 2005 to the breach was discovered in December 2006, hackers were able to get a supposedly secure network and compromised at least 45.7 million credit and debit cards.

It is also possible that the hackers had access to the decryption tool that gave them access to the PIN and other unique analyzes. With these numbers in their possession, the hackers had access to just about everything they need to cause some serious damage.

What was the outcome of this fraction (possibly the largest in US history)?

TJX estimated the cost of the offense would be in the neighborhood of 18 million dollars. External sources, however, put the number closer to 1.35 billion dollars when you figure in the costs of legal fees, call center costs and regulatory fines.

The interesting thing that we can learn from this experience is not that they were poor security. In fact, chances are big companies like this was probably a lot of time and resources in developing a very good security system. The point is that they did not seem to understand all the possible areas of attack or different areas of threat, and how to defend against those threats.

Payment Card Industry knew where the offense as this continues to occur, the integrity of the system would begin to break down, it is not good for them or for traders. So to encourage PCI DSS compliance, the payment industry has set the number of fines and penalties for those who do not comply. This could range from $ 300 fine for the offense, or that the loss of the ability to accept credit cards at all.

So now we have a recent history of some stern encouragements to take PCI DSS compliance seriously. And yet, there is still a distinct lack of enthusiasm when it comes to achieving compliance. What is there left to do?

The fact is that becoming PCI DSS compliant is just good business sense. As technology continues to grow and criminals develop new strategies to attack and steal sensitive data, consumers will be more and more likely to avoid making credit card transactions. The PCI DSS was created to help companies to learn about all the possible threats to the system and how to deal with problems as they arise.

Taking PCI DSS compliance is a serious first step towards building a safe, secure environment for consumers to conduct business. Historical examples and instituted fines and penalties do not seem to be enough to encourage this union, and ultimately, consumer behavior will be the single most important factor in increasing appropriate security measures.

wants, then PCI SSC should start stronger campaign to influence consumers, rather than just business.


Leave a Reply

Your email address will not be published. Required fields are marked *