Global Payments and the Importance of Achieving PCI Compliance
Last month, one of the biggest names in digital and mobile commerce, Global Payments, confirmed a significant security breach affecting 1.5 million credit card holders. Within days, Visa dropped the company from its list of PCI compliant providers.
From large enterprises to small online retailers, compliance with the PCI Data Security Standard (PCI DSS) is a vital step in ensuring the safety of financial transactions. PCI DSS was first developed in response to an overwhelming number of credit card data thefts by hackers, and now serves as the industry standard for e-payment security. It mirrors common-sense security best practices designed to protect consumers and make website security a continuous, ongoing process.
There are three key steps that the PCI Security Standards Council spells out for adhering to the PCI DSS:
Assess – Identify cardholder data, take an inventory of your IT assets and business processes for payment card processing, and analyze them for vulnerabilities that could expose cardholder data.
Remediate – Fix vulnerabilities and do not store cardholder data unless you need it.
Report – Compile and submit required remediation validation reports (if applicable), and submit compliance reports to the acquiring bank and card brands with whom you do business.
Failure to meet compliance standards can result in fines from credit card companies and banks, and you can even lose the ability to process credit card payments. The size of your business and volume of transactions will determine your specific compliance requirements, and you can find out your exact compliance requirements from your merchant bank or acquirer.
The Real Cost of a Breach
The cost merchants face when a worst-case scenario occurs can be devastating. From the cost of a forensics audit to exorbitant fines for lack of compliance and fraudulent transactions, a serious breach has the power to cripple or destroy any small business. What’s worse is that most CEOs and business owners are unaware of the ultimate costs of a breach in security until it’s too late.
A large organization like Global Payments may be able to absorb the costs of a breach, avoiding the ruin that might have been the fate of a small operation, but the effects of the breach are not purely monetary. After being dropped from Visa's list of compliant providers, the company will have to work hard to undo the damage done to its reputation.
The Bottom Line
For online merchants, PCI compliance can ultimately mean the difference between success and failure, and there are even greater implications for the eCommerce community as a whole. Consumer apprehension is one of the biggest hindrances to the growth of online commerce, and PCI compliance is the first step in overcoming this obstacle and building trust among customers.
Ultimately, the breach of Global Payments has brought a much-needed spotlight to PCI DSS. And while the basic standards may not be enough to protect data from the most sophisticated attacks, they are a critical foundation that should be built upon to ensure financial transaction security.
Visit our website for more information on how the McAfee PCI Certification Service can help provide your company with step-by-step compliance guidance, and be sure to follow us on Twitter at @McAfeeSECURE for the latest in eCommerce news and events.