Planning For The Payment Card Industry Data Security Standard
The Payment Card Industry Data Security Standard (PCI DSS) was created to help guide companies toward higher standards of security to protect sensitive cardholder data. Planning ahead for the necessary changes is just good business sense.
The Payment Card Industry Data Security Standard (PCI DSS) was created to help guide companies toward higher standards of security to protect sensitive cardholder data. Any company that accepts, stores, processes, or transmits sensitive credit card information is required to be PCI compliant or risk a range of stiff fines and penalties – including the loss of the ability to accept credit cards at all.
Planning ahead, then, and preparing your company for the necessary changes required by the Payment Card Industry Data Security Standard is just good business sense.
There are a number of ways to do this. If you're a new company you can include PCI DSS measures from the beginning. If, however, you are a more established company, you must plan for making a relatively painless switch – or risk having a very painful switch forced on you later.
To help companies comply with the Payment Card Industry Data Security Standard, the PCI SSC offers several resources that can assist you in becoming compliant. One of these tools is the PCI DSS Self Assessment Questionnaire (SAQ). It not only helps you recognize the aspects of compliance that you may still need to work on, but also lets you demonstrate your compliance with the PCI DSS.
Good documentation is one of the best things you can do for your company. On the road to Payment Card Industry Data Security Standard compliance, you will be expected to show your compliance or, at least, the steps you are currently taking to reach it.
Auditors and bureaucrats – just hearing those names is enough to make some business owners cringe. Nevertheless, they are part of becoming compliant, so they can't always be avoided. Luckily, there is nothing an auditor or bureaucrat likes better than a healthy pile of documents to sink their teeth into. By documenting every step you take, what you've done to plan for the next steps, and how you comply with the controls, you can make compliance a little less painful.
On the PCI SSC website you can download some documents that can help you plan and prepare for your compliance. These are the Self Assessment Questionnaire, the standard requirements, and the security audit procedure.
When it comes to credit card data security and the documentation that goes along with it, the old saying holds true: "It's better to have and not need than to need and not have."
Yet despite the mandates of the PCI DSS, many companies have still not taken the necessary steps to become PCI compliant. The excuses are many and varied, including the popular standbys: it's too complex, it's too expensive, and, given the ratio of breached to non-breached companies, it's unlikely that my company will be targeted.
The unfortunate truth is that the Payment Card Industry Data Security Standard can be complex, and it can be expensive to implement. And, generally speaking, most businesses get so caught up in the day-to-day workings of their company that spending a great deal of money and resources on defending against an attack that may never happen is hard to justify.
The one thing to always keep in mind is how much worse the alternative would be. If that attack should ever come, not only will you suffer the loss of possibly hundreds of thousands of dollars in fines and penalties, but you will also find yourself with a damaged reputation that could prove irreparable. And that could create a loss that is incalculable.
The same goes for your documentation. If you should run into trouble along the road to Payment Card Industry Data Security Standard compliance, such as a breach or other intrusion, you will be able to show the PCI Security Standards Council that you were, in fact, doing everything within your power to become compliant.
"You never know" scenarios are never easy sells in the business world. But as we advance further into this digital age, that may be exactly what is needed.
Andy Eliason is a writer at Main10, Inc. If you'd like to know more about the Payment Card Industry Data Security Standard, or becoming PCI compliant, visit Braintree Payment Solutions today.