According to a survey recently unveiled by the Ponemon Institute, a new factor is driving adoption of encryption technologies by merchants. For the first time in the six years of the U.S. Enterprise Encryption Trends survey, more businesses cited meeting PCI DSS requirements as a factor for adopting encryption technology. PCI compliance is important, and many businesses need to be sure they follow the standards.
Previously, the primary motivation to adopt data security technologies was to protect against security breaches. In the past year, PCI compliance requirements have matured. Visa's fifth PA-DSS security deadline passed in July, driving software vendors to comply with PA-DSS deadlines at an increased rate. This fall, Version 2.0 of the PCI DSS and PA-DSS was revealed by the Payment Card Industry Security Standards Council (PCI SSC). Acquiring banks and credit card companies have begun to penalize merchants that do not comply with the PCI DSS.
To protect themselves from card data theft and achieve compliance, businesses are looking to available technologies that will help them satisfy the industry's compliance requirements. One technology that has received growing attention is encryption. End-to-end encryption (E2EE), or point-to-point encryption as the PCI SSC dubs it, protects sensitive cardholder data from the card swipe until it reaches the payment processor.
Payment brands can fine acquiring banks up to $100,000 per month for non-compliance violations. These fees are then passed down by banks to non-compliant merchants. The potential costs of PCI non-compliance don't end with fines, credit card replacement and audit fees: they can also come in the form of lost business and revenue, brand damage, increased transaction rates or banks terminating their relationship with a merchant. Such penalties can be catastrophic to a small business.
The time involved in being PCI compliant and secure may seem excessive at first, but when compared with the potential fines and security breaches that can occur, the process is actually quite reasonable. If credit card processing is going to be a regular aspect of your business, the investment is more than worthwhile. So don't take PCI Compliance lightly.
About the Author:
Want to find out more about the PCI Compliance Standards? Then visit Karen Carter's site on how to choose the best PCI Compliance information for your needs.