Nearly everyone accepts credit cards as payment for products and services. We all know that. But what you may not fully realize, or be prepared to address, is that if your company accepts, transmits or stores cardholder data, you face a huge liability risk if you’re not PCI compliant.
The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that all companies that process, store or transmit credit card information maintain a secure environment. Visa, MasterCard, American Express, and Discover all require PCI compliance.
PCI applies to ALL organizations or merchants, regardless of size or number of transactions, that accept, transmit or store any cardholder data for debit and credit cards. Some of the requirements include building and maintaining a secure network, protecting cardholder data, maintaining a vulnerability management program, implementing strong access control measures, and regularly monitoring and testing networks.
Target Corporation found this out the hard way when they were recently hacked. Now, Target is responsible, even though they had no direct contractual relationship with the retailer and the credit card issuers.
Bottom line: the more reasonable steps retailers take to protect consumer data, the more likely they will be to survive this type of litigation nightmare.
Savvior helps organizations become PCI compliant. One example is the work we did creating Vector Security's online bill payment system.
If you’re handling your customers’ credit cards, you should be concerned about PCI compliance. Savvior can help you get there. Reach out to us to learn more: firstname.lastname@example.org.