The topic of the PCI Vulnerability Standards has been all over the web over the last few years. By now most of us know that PCI compliance is an obligation for every merchant that accepts credit cards. All the talk about PCI has raised numerous questions as well, so I put together a list of frequently asked questions, with answers, to help.
What exactly are the PCI Vulnerability Standards? The PCI vulnerability standards, usually referred to as PCI DSS (PCI Data Security Standard), consist of 12 detailed requirements produced by the PCI council. The PCI council consists of the five major credit card companies. The standards were created to give businesses a unified way to keep their customers' private information safe and secure. They were put into place in September 2006.
Do the PCI standards apply to all businesses? Any business that accepts, transmits, or stores credit card information must meet the requirements of PCI compliance, no matter its size. Put more simply, if you accept credit cards at your place of business, you must follow the PCI requirements.
What if we don’t accept credit cards, but we accept debit cards? PCI compliance still applies here. The PCI standards must be followed by any organization accepting credit, debit, or prepaid cards. Essentially, if you accept any kind of card branded with the logo of one of the five major credit card companies – American Express, Discover, JCB, MasterCard, or Visa – you must be in compliance.
Where is a complete list of the PCI Vulnerability Standards? Check out the website https://www.pcisecuritystandards.org.
How is PCI scanning related to PCI compliance? According to the PCI council, in order to sustain proper PCI compliance, your business should undergo daily or quarterly PCI scans of your systems. An ASV (Approved Scanning Vendor) should scan your systems, including your website, office internet connections, and more: essentially anything that is connected to a public IP address.
What happens if I am not in compliance? Outrageous fines, as high as $100,000 a month, may be charged for violating PCI. This can be catastrophic, especially for small businesses, so do not take it lightly.
This article may or may not have answered all your PCI-related questions. Above all, just remember that the PCI vulnerability standards must be followed, and if you still have questions, don’t hesitate to ask. There is a lot of information available, and PCI compliance is very important.