PCI-DSS (Payment Card Industry-Data Security Standard) is a set of requirements intended to ensure that all companies that process, store, or transmit credit card information manage it safely and in a secure environment. PCI-DSS was launched in 2006 to manage PCI security standards and improve account security throughout the transaction process and has been updated every 2 to 3 years since that time with updated prescriptions. The current version of PCI-DSS compliance is v3.2.1 and is available here for reference

Every time users provide sensitive information such as their name, account number, and credit card information, they are putting their trust in the organizations that process their transactions. That brand and trust come from a strong protective standard.  Companies that fail to comply with PCI-DSS can receive severe penalties including losing the right to accept payment cards entirely until they remedy the security short-comings in their cybersecurity program.  There is also brand damage to a business’s reputation whenever they’re implicated in a credit card breach. 

Source: DigitalGuardian, Netwrix

Additional Resources: An Overview of PCI Compliance

Related Terms: CMMC Standard, SSAE Compliance

PCI-DSS Breach Articles:  2007 TJX Breach Summary

What does this mean for an SMB?

If your SMB deals with cards as a form of payment you should be aware of these standards and do what you can to secure your data. CyberHoot recommends implementing these actions to improve your PCI-DSS compliance at your business:
  • Install and maintain a firewall on your networks
  • Encrypt all transmissions of cardholder data across public networks
  • Regularly update anti-virus and anti-malware on all systems
  • Ensure only authorized personnel have access to sensitive cardholder data
  • Monitor access to all network resources and cardholder data
  • Establish and maintain policies that address cardholder data security 
  • Train and test employees on phishing threats 

To learn more about PCI-DSS, watch this short 2 minute video:

Are you doing enough to protect your business?

Sign up with CyberHoot today and sleep better knowing your

employees are cyber trained and on guard!

Share this on your social networks. Help Friends, Family, and Colleagues become more aware and secure.