Picture this. You just launched your first company website to sell your clothing line. Customers are purchasing products, and you’re starting to make a profit, then BAM! You get hit with a fine because your website is not PCI compliant. What’s next?

What Is PCI Compliance?

PCI compliance is a security requirement created for online merchants by five of the major credit card companies (American Express, Discover Financial Services, JCB International, Mastercard and Visa) to protect customers and reduce fraud.

The PCI Security Standards Council aims to achieve six goals:

  1. Build and Maintain a Secure Network
  2. Protect Cardholder Data
  3. Maintain a Vulnerability Management Program
  4. Implement Strong Access Control Measures
  5. Regularly Monitor and Test Networks
  6. Maintain an Information Security Policy

Why It’s Important To You

Aside from any fees you may incur, you are also putting your business at risk by not being PCI compliant. Maintaining customer trust is imperative, especially given that 60 percent of consumers believe merchant websites are not doing enough to protect their credit card and personal information. An online data breach will hurt your reputation and customer loyalty. If customers lose trust in the safety of your website, sales will decrease and your business will suffer.

Additionally, if your website is hacked, you may be liable for replacing payment cards, paying legal damages, or even losing the ability to accept online payments in the future. Taking the next step to become PCI compliant further ensures that your customer data is protected.

The Process

To achieve PCI compliance, you need to work with a PCI-qualified security assessor who will partner with your company and work onsite throughout the process.

The assessor will guide your company through the three-step process:

  1. Assess
  2. Remediate
  3. Report

Assess:

The assessor will work with your company to identify where cardholder data is located. This includes an inventory of the IT assets and business processes involved in payment card processing. Once identified, these areas are analyzed for existing vulnerabilities.

Remediate:

Your company will then be required to fix all identified vulnerabilities. Additionally, the PCI Security Standards require that stored customer payment information be eliminated unless it is absolutely necessary. Failure to remove this information can result in serious consequences and fines for your company. This step further secures your website against hackers looking to access customer data.

Report:

Once all vulnerabilities are fixed, the security assessor will compile and submit the required reports to the appropriate bank and card brands. Your company will then be formally certified as compliant, and you can begin selling products online.


Being PCI compliant not only protects your company financially, but also protects your hard-earned reputation. Check out the easy-to-use SiteLock PCI Compliance package.

Want to learn more about the PCI compliance process or find information on finding an assessor? Get all the details.


Sources:

https://www.pcicomplianceguide.org/pci-myths/

https://www.pcisecuritystandards.org/pci_security/why_security_matters

https://www.pcisecuritystandards.org/pci_security/maintaining_payment_security