Page 34 - GS221102
Education

What is PCI compliance?

Gary W. Glover
SecurityMetrics

PCI DSS stands for the Payment Card Industry Data Security Standard. The PCI DSS is a set of guidelines, or controls, that businesses should follow to keep their data secure and protect themselves against a data breach. In order to work with major credit card companies, you must be PCI compliant.

PCI compliance controls cover firewalls, password security, ecommerce security, protecting stored cardholder data, malware protection, antivirus software and more. The purpose of the PCI DSS is to help businesses protect against data theft and the repercussions of data theft, such as fines, damaged reputation and possible closure of a business.

Ecommerce is a particularly vulnerable place for threat actors to target. In recent primary research, SecurityMetrics found that 88.89 percent of shopping cart inspect reviews identified malicious, suspicious, and/or concerning issues on researched ecommerce sites. One of the main updates in the new PCI 4.0 standard is the addition of ecommerce security solutions.

How do you know if you need to be PCI compliant?

The short answer is that if your business accepts or processes payment cards, you need to be PCI compliant. Regardless of the size of your business or how many transactions you do, if your organization collects, transmits, maintains or transfers card data, you must comply with the PCI standard.

Per the following guidelines, the number of transactions you do each year determines what your PCI compliance validation requirements are:

• Level 1: Merchants that process over 6 million card transactions per year
• Level 2: Merchants that process between 1 million and 6 million card transactions per year
• Level 3: Merchants that process between 20,000 and 1 million ecommerce card transactions
• Level 4: Merchants that process up to 1 million regular card transactions per year

The more transactions you process, the stricter the PCI controls will be. So a Level 1 business will have stricter guidelines than a Level 4 business.

What happens if you are not PCI compliant?

The penalty for not being compliant ranges from fines (some of which can reach into the millions of dollars), reputational damage and decreased sales to no longer being able to accept major credit cards and, in some cases, the loss of the business.

How do you become PCI compliant?

PCI compliance can take time. You will need to get an assessment, implement controls, gather documentation and continue to update your security. While there are concrete steps to becoming PCI compliant, it's not a one-time job. Being PCI compliant requires ongoing effort, and so it is more a mindset of security than a checklist.

PCI compliance is a large and complex task that will most likely require assistance. In addition to your own efforts to become compliant, you can always reach out to experts for help as you go through this process.

What are the benefits of PCI compliance?

Ensuring that your business is secure has many benefits. Of course it helps you avoid fines, lawsuits and loss of customer trust. But it also helps you have peace of mind. It is normal for people to protect the things that are most valuable to them, whether that is family, friends, or perhaps a nice car or a treasured heirloom.

When thinking about the amount of time, energy, money and people it takes to build and maintain a company, it makes sense to do what you can to protect that investment from possible damage or even destruction.

The PCI standard can seem overwhelming or even annoying, but it was designed to help business owners and stakeholders protect their investments in their respective organizations. Becoming PCI compliant will help you maintain security and gain peace of mind about your organization.

Gary Glover, vice president of assessments at SecurityMetrics, began his career with a master's degree in mechanical engineering. In that field, he worked as an aerospace engineer on classified government projects, helped on the design of the International Space Station, and worked with NASA and Russian engineers on a Mars rover design. Later, when Glover was working in software development, his neighbor and CEO of SecurityMetrics Brad Caldwell invited him to work in the cybersecurity sector, where he has been ever since. Contact him at gglover@securitymetrics.com or 801-705-5643, ext. 5643. For information on SecurityMetrics, visit www.securitymetrics.com.