Payment card industry (PCI) compliance refers to technical and operational standards followed by businesses in order to protect and secure credit card data provided by cardholders via card transactions. As such, it is a key component of credit card security protocol.
Although no regulation mandates PCI compliance, it is viewed as mandatory through court precedent. PCI compliance is developed and managed by the PCI Security Standards Council, which is also responsible for developing the PCI DSS.
In the workplace, keeping an organization PCI compliant is part of protecting sensitive and proprietary data. For this reason, it’s important that staff at all levels of the organization understand how it works and why it’s necessary.
118.6 million individuals were affected by 10 major data breaches in the first half of 2021, with three taking place at tech companies. Although this is a significant drop from 2.5 billion (in 2016), credit card security is still a major consideration for workplaces.
The Identity Theft Resource Center (ITRC) tracks incidents in which attackers steal sensitive customer and employee records containing personally identifiable information (PII).
In the past year, the center reported a significant rise in data compromises for professional services, utilities and manufacturing.
In addition to increased vulnerability to data breaches, non-compliance may also result in
The benefits of PCI compliance are simple, yet fundamental: compliance reduces the risk of data breaches and fines while protecting customers and helping companies to retain a positive brand reputation. With so many risks involved, it’s vital to ensure compliance.
Cardholder data must be secured at the point of sale and as it moves into the payment system. A key step is to never store any cardholder data, which includes protecting:
Key areas to cover in PCI compliance training for employees include (but are not limited to) the following:
In addition to working with the IT team to help strengthen network security, the risk management team can also help secure PCI compliance through creating comprehensive training programs and putting PCI-specific policies and procedures in place. Additional steps to help secure and maintain PCI compliance include:
Organizations that follow and meet the Payment Card Industry Data Security Standard (PCI DSS) are considered PCI compliant.
To meet requirements, they must complete a checklist for PCI compliance including 12 key requirements, 78 base requirements, and 400 test procedures. More information on these can be found via the PCI Security Standards Council.
When it comes to securing and maintaining PCI compliance, knowledge is power. By educating staff at all levels on the correct policies using appropriate training methods, companies have a better chance of staying compliant and securing their business reputation while protecting against data breaches.