In short, if your business accepts card payments, it must be PCI DSS compliant. The Payment Card Industry Data Security Standards (PCI DSS) apply to any business that accepts card payments to protect customers and their sensitive information. Any method of card payment is included, including physical terminals, online payment pages, or through providers like PayPal or Stripe. Even if your business accepts payments but does not store the information, you have to be PCI DSS compliant.
What does being PCI DSS compliant mean?
The standards are set out by the PCI, an organisation formed by major card companies like Visa, MasterCard and American Express. They are a set of 12 requirements your business must satisfy to best protect your customers’ card details. These requirements fit into these categories:
- Build and maintain a secure network and systems
- Protect account data
- Maintain a vulnerability management program
- Implement strong access control measures
- Regularly monitor and test networks
- Maintain an information security policy
The volume of requirements might seem daunting at first, but OmniCyber’s dedicated PCI DSS services will help you at every stage of making your business compliant.
What would happen if my business wasn’t compliant?
There are severe consequences to PCI DSS non-compliance. Storing customer card details in an insecure way is irresponsible, puts your customers at risk, and is a serious breach of trust. The financial cost of being non-compliant is significant, no matter the size of your business.
If a breach is discovered, fines from banks can range from tens of thousands to several million. Additional monthly charges can be added on, and your business’ ability to process card payments can be revoked. Before this is reinstated, you must prove that your business is PCI DSS compliant with an assessment from an external Qualified Security Assessor (QSA), like OmniCyber Security.
Your business could also be placed in the Member Alert to Control High-Risk Merchants (MATCH) List, making you ineligible to obtain a new merchant account for several years.
Added to these costs are the damages to reputation and trust from customers, which will seriously harm your business’ future revenue.
How can I become PCI DSS compliant?
PCI DSS compliance is an ongoing process and commitment. Every year, your business must prove compliance with PCI DSS requirements by employing an external QSA or completing a self-assessment issued by their bank. Maintaining compliance with all the PCI DSS requirements can be complex and overwhelming. OmniCyber At OmniCyber, our experts can guide you through the whole process and make sure you are as secure as possible.
You can think of PCI DSS as a bit like running a car. Every year you have to get an MOT to prove that it’s roadworthy, but between MOTs you still need to maintain it with a service or topping up the washer fluid.
The annual PCI DSS check only proves that your business was compliant at one point in time. You need to maintain security all year round. OmniCyber provides unlimited vulnerability scanning you can use to check no weaknesses have appeared between the annual checks.
PCI DSS non-compliance is not worth the risk. Contact OmniCyber Security today to ask about the PCI compliance services we can provide to your business.
