LOUISVILLE, Ky. (December 18, 2009) - Hacking and data breaching for profit are unfortunate
everyday occurrences throughout our society. Far removed from petty criminals
and purse thieves, cybercriminals are precise, subtle, and can be located
anywhere in the world. And their damage amounts to more than just dollars. A
knowledgeable hacker can steal an identity so completely that the victim might
never regain credibility!
The business security industry has struggled to keep up with
the technological advancements used by identity thieves, and while online
threats often gain the most media attention, there is still plenty of need to
secure the world of brick-and-mortar retail.
Regardless of location, credit cards and debit cards tied to
bank accounts are two of the primary targets for identity thieves. The payment
card industry (PCI) formed the PCI Security Standards Council (SSC) to address
known problems with securing consumer information during payment card
transactions. Today, it is critical for all businesses to be in compliance with
PCI security standards and guidelines, not just in the name of good business,
but to protect consumers and avoid significant consequences.
What Is the PCI Standard?
The Payment Card Industry Data Security Standard (PCI DSS)
is a set of regulations designed to standardize and strengthen the means by
which consumer data is secured against electronic theft. Compliance with PCI
DSS is required to ensure that all businesses that process, store or transmit
consumer payment card data operate with secured infrastructures. In addition,
the PCI DSS helps to facilitate international standards of data security for
all types of business, while also encouraging consumer confidence in payment
card transactions.
Who Is Subject to PCI Compliance?
Any business that accepts payment via credit or debit cards
is subject to PCI DSS compliance. This includes small businesses, businesses
run from consumer homes, businesses that operate through third-party
processors, and online-only banks and retailers. Businesses that fail to reach
this level of compliance may see their banks fined anywhere from $5,000 to
$100,000, an expense which will likely be passed on to the business itself, in
addition to bank-imposed penalties or a termination of the bank-merchant
relationship.
How Can Businesses Reach Compliance?
The PCI SSC provides the PCI requirement standards as 12
responsibilities within six distinct action groups:
Build and maintain a secured environment.
Protect consumer financial data.
Establish a program for vulnerability maintenance.
Establish restrictive access controls.
Test and maintain security measures.
Adopt an information security policy.
In addition, businesses can implement security measures
outside the minimum requirements of PCI compliance that can help keep sensitive
consumer and business information secured. These measures include comprehensive
end-user identity verification and authentication procedures, among others. Verifying and
authenticating consumer identities before proceeding with a transaction can
protect your payment systems from unauthorized access and prevent losses
incurred through fraudulent transactions.
Electronic Verification Systems, an industry leader with more
than 10 years of data provision and fraud prevention
experience, specializes in integrating identity verification and authentication
procedures into established business security structures. We can help you
implement a comprehensive verification program that blends seamlessly into the
end-user experience for the very best in security and customer satisfaction.