If you have an e-commerce site or are considering building one for your business, you should be more than familiar with the letters P, C and I.
PCI stands for Payment Card Industry. The PCI Security Standards Council, founded by Visa, MasterCard, American Express, Discover and JCB, oversees a set of security standards that govern credit and debit card payments to keep consumer information safe. The standards apply to any business that accepts, transmits or stores any cardholder data, no matter how small.
Standards differ according to the level your business falls in and the card issuer, but they include everything from installing and maintaining a firewall to regularly testing security systems and processes and completing self-assessment questionnaires. And yes, even if you do not store credit card information yourself, you still need to meet PCI compliance standards, although there are fewer steps you need to take to do so.
If your business is not PCI compliant, it could spell big trouble for you, your customers and business in general, as data breaches are incredibly damaging. When customers lose trust, they don’t come back, and the damage to your brand and business can be insurmountable. Small businesses are not immune from fraud either; hackers will pounce on any vulnerability anywhere they can find it.
Beyond the often intangible loss of trust, there are financial penalties you may face as well if you are not PCI compliant. Compliance is not enforced by the council but rather by the payment brands and card companies, who can set penalties at their discretion. Those penalties can be steep, ranging from $5,000 to $100,000 per month. They can also choose to terminate your ability to accept payment cards.
The price of a data breach is steeper still: the cost of each lost or stolen record containing sensitive and confidential information increased from $154 to $158.
While it may sound like a big, costly headache to comply with PCI standards, the fact is that they are there to help you prevent such breaches from happening. The security of your customers’ data should be of the utmost importance to you, and the cost of not complying can be far too high.