How PCI DSS Affects Your Business
PCI Data Security Standards can affect your business dramatically if you don’t pay attention to them.
The standards are a set of minimum requirements designed to ensure that all companies that process, store or transmit credit card information maintain a secure environment. If your business ever accepts payment directly via credit or debit from your customers then the PCI requirements apply.
The full requirements can be seen at the PCI Security Standards Council (https://www.pcisecuritystandards.org/security_standards/index.php). There are 4 PCI compliance levels and a merchant will be subject to one of those levels. The level dictates which Self Assessment Questionnaire (SAQ) and scanning your business requires.
Here is where it can affect your business:
If you are subject to PCI DSS compliance at one of the 4 levels then you have to meet the requirements of that level which will be proven by the SAQ, an Attestation of Compliance and an official PCI DSS scan from an approved vendor. The scan and compliance documentation can be required every 90 days / once per quarter. This is a burden your business must prepare for and be serious about maintaining. You may also need to make changes to the way your systems are built and organized, especially if you have legacy software still installed.
The other way it can affect your business is if you do not co-operate with or conform to the standards the service providers (i.e. Visa, MasterCard, etc.) require: at their discretion you may be subject to fines, card replacement costs, expensive forensic audits and other repercussions, particularly if a breach has occurred. More seriously, they may refuse to do business with you. If your enterprise depends on credit and debit cards to be viable then this is a serious outcome that could close you down.
Additionally, other service providers you may work with, especially where there is an exchange of personal data, may insist you meet PCI standards even if you do not perform financial transactions with one another. The PCI standard is highly regarded and therefore is used to ascertain a level of security for these providers. Again the repercussion of not meeting the standard is the termination of partnerships and business agreements.
PCI DSS compliance is attainable with some effort and cost, and it will protect your business from these very negative outcomes. The changes that may be required to ensure compliance shouldn't be underestimated, so it's best to start early and review often.
Squeeze Technology can help you perform the quarterly PCI DSS compliance actions and ensure your remediation is properly executed.