28 Oct PCI Compliance – Is There a Monster In Your Closet?
Monsters, Inc., a Pixar film, plays on the stereotypical childhood fear that there are monsters hiding in our closet. Unlike in real life, where the monsters are imagined, the movie suggests that the monsters are real and out to steal our screams.
Payment Card Industry (PCI) Compliance is treated much like that childhood fear of monsters in the closet. We think they are imaginary and that a monster isn’t going to jump out.
A data breach is a potential monster for any business that accepts payment cards. It is the risk we take in order to offer a convenient method of payment to our customers. Although a data breach is detrimental to a business, many businesses and franchisees believe that the cost of implementing PCI Compliance isn’t worth the effort because it brings no compensating gain. They’d prefer to take the risk. After all, the monster is imaginary. Right?
Recent headlines have been telling chilling stories of business monsters in the form of PCI data breaches. In 2012 alone, over $5B was lost due to theft of payment card data. Payment card issuers including Visa, MasterCard, American Express and Discover mandate Payment Card Industry Data Security Standard (PCI DSS) compliance for all merchants who accept card transactions.
Right now you are thinking, “I have a firewall, VLANs, and/or a new PIN pad to keep monsters away from my customer data.” Although that is a great start, it does not by itself meet the PCI DSS, and it will open your business up to the risk of fines, remediation, and extensive audits.
You need to go beyond installing firewalls. Many customers do not realize how deeply the PCI Compliance monster reaches into their business. It is a set of rules that touches everything from HR to Marketing and, yes, IT. It is a monster with many long arms. Here are some fast facts that may change your mind about the importance of PCI Compliance.
Ask yourself these three simple questions:
- Can you demonstrate that ALL employees have completed formal security awareness training?
- Can you demonstrate that each employee has read and understood the company security policies and procedures?
- Have you completed an annual Self-Assessment Questionnaire and quarterly external vulnerability scans with a 100% pass?
If you answered “no” to any of these questions then your business has a PCI monster waiting to leap out of the closet.
Since no service can guarantee that the monster won’t try to get in, you need a solution that reaches as deep into your business as the monster might. You need a solution that offers:
- Financial protection should a breach occur
- Employee training
- Vulnerability scans with remediation recommendation reports
- Self-assessment questionnaires
- Policy management
- Reporting, documentation and archiving
- PCI Compliance maintenance
- Wireless Intrusion Prevention (WIPS)
Open your eyes, because it takes more than covering your eyes to keep the monster out.