PCI DSS Compliance
The UK Government’s Cyber Security Breaches Survey 2017* revealed that nearly half of all UK businesses had suffered a cyber breach in the previous 12 months, with small businesses hit particularly hard by attacks. With more stringent data protection laws in the form of the EU’s new General Data Protection Regulation (GDPR) coming into force in May 2018, the pressure is mounting on businesses to demonstrate that they are in control of their data storage and well equipped to deal with an attack should it happen. The Payment Card Industry Data Security Standard (PCI DSS) requires businesses to process card payments in a secure environment, protecting customer data from hackers and shielding the business from the repercussions of a data breach. The PCI DSS compliance guidelines aren’t meant as an inconvenience; rather, they are an opportunity to improve your business’s chances of fending off a serious cyber attack and to ensure there are effective procedures in place. Despite this, we regularly meet businesses that aren’t compliant and are without adequate protection or systems in place to deal with the threat. So what is it that is stopping businesses from getting their PCI DSS compliance sorted? Here we list the four most common myths:
PCI DSS doesn’t apply to my business
It is commonly assumed that PCI DSS only applies to larger organisations or e-commerce businesses, when in fact PCI DSS is relevant to any ‘merchant’ that collects and processes credit card payments in person, over the phone or online, regardless of the type or size of the organisation. Small businesses are more likely to fall victim to data hackers, as they tend to have less robust firewall protection in place, so it’s actually just as important for them to have addressed their compliance as it is for larger enterprises. The requirements for reaching compliance are broken down into levels from one to four depending on the volume of transactions. As a trader, if you do fall victim to a data breach and you are found not to have adequate systems or procedures in place that reach the standard of the relevant PCI DSS level, you will be at risk of receiving a hefty fine, a ban on accepting card payments and, more seriously, damage to your brand reputation. Today’s consumers have high expectations of companies doing their utmost to keep their data protected. If this trust is damaged, it is very difficult to repair, which can mean disaster for the business.
PCI DSS is too difficult to implement
There is no doubt that it can be challenging for businesses to implement and maintain systems and procedures that are PCI DSS compliant, particularly smaller ones that don’t have internal resources and expertise. However, with the GDPR launch date looming, now is the time to be investing your efforts in achieving PCI DSS compliance, as this will take you closer to meeting the standards of the new data protection regulation. Small merchants may be eligible for PCI DSS self-assessment by submitting the relevant self-assessment questionnaire (SAQ), which can be completed without the need for an external consultant or producing a report. If you are confident that your card payment systems are robust to the right standard, then going through the self-assessment process is worth the time. For those that need their card payment processes reassessing, or for larger businesses that face a more complex route to achieving PCI DSS compliance, there are service providers out there that can help.
Achieving PCI DSS compliance will cost too much
Depending on the changes that are required to help you reach PCI compliance, there may indeed be costs associated with implementing new systems and investing in staff training. But your budget doesn’t have to be huge. Here at Columbus, we create card payment systems that are accredited to the PCI DSS Level 1 standard. By outsourcing your payment system to us, you cut your risk of exposure to data breaches AND reduce the amount of time you have to spend on compliance validation, leaving you to focus on the other core areas of your business. Our systems are created entirely from scratch to suit the needs of your business and integrate seamlessly with your other IT and database functions and processes. And the best news is that it won’t cost you the earth, especially not in comparison to the risks of non-compliance!
Columbus has the technology, experience and expertise to help you meet the challenge of PCI compliance, covering agent, IVR, online and mobile payments through our PCI Compliance Cloud Services. If you need advice or would like to discuss your challenges, why not speak to one of our friendly and experienced experts on 0333 240 7755. We would be delighted to help you.