Every dollar of fraud now costs banks and credit unions roughly $2.92 — a 9.3% increase over 2017.
As worldwide card fraud continue to rise , it is fundamental that the payments industry steps up to the challenge to prevent further data breaches and losses. One of the key elements of keeping data secure is PCI DSS compliance.
PCI DSS compliance is a requirement for any entity storing, processing or transmitting customer cardholder data.Whenever a card payment is made – in-store, online or over the phone – the acceptance and processing infrastructure needs to be secure. To restrict the opportunity for fraud, the major payment brands (American Express, Discover, JCB, Mastercard and Visa) created the Payment Card Industry Data Security Standard – aka, PCI DSS.
The PCI Security Standards Council is a global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection.
PCI DSS is constantly working to monitor threats and improve the industry’s means of dealing with them, through enhancements to PCI Security Standards and by the training of security professionals.
Fundamentally, PCI DSS helps to prevent fraud for both consumers and businesses. When thoroughly aligned with the standard’s requirements, the risks of cardholder data being compromised are significantly reduced. However, the requirements are much more technical than other industry standards. Plus, many companies are not used to managing the myriad areas that need to be controlled across a payment IT infrastructure.
But failure to comply is dangerous, and common. Negative consequences include lost funds, identity theft, financial fines and, crucially, reputational damage. Research from Verizon in 2018 found that noorganisation affected by a payment card data breach was in full compliance with the PCI DSS requirements. This is a testament to the need for compliance to be taken more seriously.
PCI DSS aims to pin-point the simple mistakes cyber thieves commonly target, such as weak passwords, misconfigured technologies and uneducated employees.
It may be tempting to just “check the boxes” of compliance. But dedicating the time to do a thorough infrastructure review is vital to protect your business. Responsibility does not just sit with merchants, either. Every entity touched by cardholder data has a role to play in ensuring the security and integrity of their systems to protect cardholder data.
This can be hard to achieve alone. But with the right approach and partner, companies can seek to significantly reduce the scope of its infrastructure that falls under PCI DSS. This in turn reduces the risk, ongoing expense and time of compliance long term. At the same time, it encourages the introduction of new technologies and methodologies to increase efficiency and deliver new innovative value-added services.
It is true that PCI DSS compliance can be complex, time consuming and expensive. But by not approaching compliance in the right way, your business could put data at risk. It could also exponentially increase the cost and time required to become certified. This is without considering the devastating impact that fraud could have.
By working with a strategic partner, merchants, public transport operators (PTOs), processors and acquirers can turn certification nightmares into business enablers. Utilizing their deep understanding of the ecosystem and the nuances of PCI DSS, the rules can be applied intelligently to reduce the scope of your compliance. This cuts the time and cost investment needed, all while reducing risk. What’s more, the right partner can help you to put new technologies and infrastructure to work, adding value to your business and customers.
( Excerpts from an article of Mr. Christian Damour)