The Importance of PCI DSS


The Payment Card Industry Data Security Standard (PCI DSS) is a data security standard developed by the Payment Card Industry Security Standards Council to guide merchants that process credit card transactions. The standard comprises 12 requirements that help secure credit card transactions and reduce data breaches and losses. Companies that process credit and debit card payments, and those that store or transmit cardholder data, are expected to comply with PCI DSS.

Benefits of PCI DSS

For merchants, PCI DSS protects their most crucial assets: the company, its customers, and its money. The PCI Security Standards Council created the standard in response to the increase in credit card fraud during the 1990s and 2000s.

A decade ago, fraudsters mostly used stolen or lost credit cards. Today, fraudsters can sell sensitive cardholder data, such as ZIP codes and card numbers, without ever having a physical credit card in their possession.

Moreover, with the rise of online business, Card-Not-Present (CNP) fraud is also increasing. CNP fraud lets a fraudster make purchases using your name and card number without ever having physical access to the card.

Credit card fraud is still prevalent, which is why merchants must be PCI-compliant. According to a 2018 report by Action Fraud in the UK, contactless card fraud is on the rise. The organization reported 1,440 cases of fraud worth £711,000 in 2017. Ten months later, the number of cases had risen to 2,740, worth £1.8m.

A report released in 2016 by ACI Worldwide and Aite Group indicates that one in every three consumers worldwide has been a victim of card fraud in the last five years. According to the same study, card fraud losses in the US will reach $10 billion in 2020.

Why PCI DSS is Important for Merchants

1. Helps to Secure Your Business Data

PCI DSS aims to protect cardholder data from fraudsters and hackers. Complying with the standard helps you keep this data secure, which in turn protects your customers from losses.

2. Enhances Customer Confidence in Your Business

Would you give a business your credit card data if you knew it would be misused? Consumers are less likely to buy from merchants they feel cannot be trusted with their card data. Embracing PCI DSS and being compliant shows your customers that you are serious about keeping their card data secure, which is likely to increase your sales.

3. Protects Your Customers

When customers make credit card transactions with your business, they trust that you will keep their data secure. While cardholder data is in your possession, you are responsible for securing it. If there is a data breach, your customers lose as well. Being PCI-compliant protects consumers from such losses.

4. Provides Guidelines for Securing Data

PCI DSS provides requirements that tell merchants exactly what they need to do to keep cardholder data secure. Even firms that are new to the market find the PCI DSS requirements easy to implement, because the standard is clearly laid out.

5. Helps Businesses Avoid Penalties and Lawsuits

If your firm experiences a data breach, lawsuits from cardholders and other affected parties are likely to follow. For instance, in the 2013 Target stores data breach, hackers stole credit and debit card data belonging to 40 million customers. Target had to pay over $10 in settlement fines in a class-action lawsuit brought by consumers. Being PCI-compliant can help you avoid such lawsuits and fines.

6. Avoids Data Breach Costs

In addition to losing customer confidence and loyalty, a data breach can cost you a great deal of money. For instance, you will need to pay court fines, compensate customers, pay for the replacement of compromised cards, and cover investigation costs, not to mention lost business if you are barred from accepting card payments until you secure your systems.

Remember the massive Home Depot data breach of 2014, in which data on more than 56 million customers was stolen? The company had to pay $19.5 million to settle a class-action lawsuit. It also paid a further $27.25 million to settle with the banks. In August 2017, the firm still had to pay $15.3 million in legal fees. The total cost in fines paid by the company, excluding litigation and legal expenses, was more than $85 million.

Isn’t It Time You Became PCI-Compliant?

PCI compliance requires you to meet the PCI DSS requirements. In addition, you need to validate every year that you are still in compliance. Merchants with 1 to 6 million e-commerce transactions annually, who are at compliance levels 1 and 2, can validate compliance by undergoing an annual on-site audit performed by a Qualified Data Security Assessor. Once the audit is complete, they receive a yearly Report on Compliance.

Merchants with fewer than 1 million e-commerce transactions annually are at compliance level 3 or 4. These merchants validate compliance by completing a self-assessment questionnaire from the PCI Security Standards Council and having the result verified.