Posted by websiteverification on April 28, 2009
Ok, so we all know about the PCI DSS (Payment Card Industry Data Security Standards) by now. But some of you may be wondering what the PCI DSS fines are if you do not become compliant. The fines can be pretty steep as I will explain below, but not only will you risk huge fines if you aren’t compliant, you are putting your security system and customer information at risk.
All businesses that store, transmit or process credit card data are required to follow the PCI DSS, and should have become PCI compliant by the end of 2007. If you are one of these businesses and are not yet compliant, you are constantly at risk of losing sensitive cardholder data, which will most likely result in PCI DSS fines, legal action and bad publicity. Organizations that fail to comply face fines of up to $500,000 if the data is lost or stolen and risk not being allowed to handle cardholder data.
High-profile cases concerning big corporations have hit the headlines in the last couple of years. The Payment Card Industry has threatened huge fines against some larger merchants of up to $25,000 per month until compliance is obtained. In the high-profile case of TJX (owner of T.J. Maxx, Marshalls, Home Goods and A.J. Wright retail chains), the company reported spending $202 million because of the PCI violation that compromised the cardholder account information of as many as 40 million customers. The money is being spent to handle more than 20 lawsuits brought against it by banks and consumers in the U.S. and Canada and to pay settlements with credit-card associations.
So don’t risk it. If you are not yet PCI compliant, get there now. It is not as hard as it may seem, and well worth the time and money you put into it. If you don’t want to risk those pesky PCI DSS fines, you know what to do!
Posted by websiteverification on March 10, 2009
I have been talking about the PCI Security Standards a lot in my posts. I have gone into a lot of detail about what the PCI Security Standards are, but I thought it might be helpful to let you know where they come from. In doing all my research one of my main sources has been the PCI Security Standards Council’s website (found at https://www.pcisecuritystandards.org/). They are kind of the main resource and enforcer of PCI compliance and PCI scanning. I thought it might be helpful to everyone to let you know a great place to find out more information about the PCI Security Standards.
The PCI Security Standards Council’s goal is to improve security for payment card accounts by bringing more education and awareness of the PCI Security Standards to merchants and businesses around the world. The PCI Security Standards Council was founded by the five major credit card companies: American Express, Discover, JCB International, MasterCard, and Visa.
To give you some idea of how the PCI Security Standards Council runs on a daily basis, I have included some information about the different areas of the council. The PCI Security Standards Council is headed by a policy-setting Executive Committee, consisting of representatives from the five founding payment brands. Operational decisions are made by a Management Committee, also drawn from the payment brands. An Advisory Board, drawn from participating organizations, offers input to the organization and feedback on the progress of the PCI Data Security Standards. A Marketing Working Group, Technical Working Group, and a Legal Committee, whose participants are drawn from the payment brands, deal with their respective activities.
So if you are ready to make your business PCI compliant, reading about the PCI Security Standards Council is a great place to start. You can find a lot of useful resources and information on their site to help you know what you need to do.