Prevent credit card theft with a strong PCI program
Don’t let credit card theft sink your business!
If you accept credit card information, you must comply with the Payment Card Industry Data Security Standard (PCI DSS). This mandatory standard defines the minimum requirements necessary to protect cardholder data against theft and unauthorized access.
Credit card theft continues to be rampant in 2020
In 2019, the FTC’s Consumer Sentinel Network received more than 3.2 million reports of marketplace problems. The majority of those reports (271,000) were related to credit card fraud. Additionally, payment card crime increasingly takes the form of “card not present” attacks, which use data stolen during phishing and malware attacks.
A major tactic of cybercriminals is to break into your IT systems, steal your data and demand a hefty ransom, or else they’ll publish your data on the dark web. Unfortunately, 60% of small companies go out of business within six months of experiencing a data breach.
PCI DSS compliance is a critical security requirement for retailers
You must comply with PCI DSS requirements if your business is involved with handling credit card data from any of the major card brands (Visa, Mastercard, Discover, American Express and the JCB Card).
Failure to comply may subject you to fines, penalties and restriction of your bank card acceptance privileges. You can be sued, suffer reputational damage and lose business. You may also need to submit privacy breach reports to state authorities and provide identity theft coverage to your affected customers.
What are the PCI compliance requirements?
The PCI Data Security Standard is a complex 139-page technical document that defines requirements for retailers of all sizes, from sole proprietors to major online sellers like Amazon. Your compliance depends on factors such as:
- The number of credit card transactions you complete.
- How you accept, process, transmit and store card information.
- What data you provide to other vendors and business partners, such as your web hosting company.
Additionally, PCI compliance is not a one-time process. Ongoing management and monitoring are essential, along with annual testing, assessment and reporting.