
Protecting Your Consumers' Data: PCI Compliance as a First Step

March 12, 2012

Organizations that accept credit card payments have access to consumers' sensitive data and should be complying with the Payment Card Industry Data Security Standard (PCI DSS). A recent study by visa.com indicates that online sellers processing $20,000 to $1 million per year are only 60% compliant with PCI DSS. All sellers (both online and offline) processing less than $1 million per year are only moderately compliant with the standard.

The major credit card companies formed the Payment Card Industry Security Standards Council (PCI Council) in an effort to secure credit card and other sensitive data and to provide guidelines for sellers processing credit card payments. The PCI DSS requirements apply to anyone accepting, transmitting or storing cardholder data. Failing to maintain PCI DSS compliance could result in fines up to $100,000 per month, termination of processing rights and increased transaction fees.

The PCI DSS applies to businesses both large and small. PCI DSS requires small-to-medium-sized Level 4 merchants to, at a minimum, successfully complete a PCI Self-Assessment Questionnaire (SAQ) once a year. For businesses that also store payment card information electronically or use the internet to process payments, a quarterly scan by an Approved Scanning Vendor (ASV) is also required. For the SAQ, merchants must also review, disclose and potentially remediate a host of requirements, including firewall configuration, physical access to cardholder information, and the testing of security systems and processes. With only moderate compliance being reported among Level 4 organizations, those that are PCI DSS compliant may gain a competitive advantage by touting that fact to the consuming public.

Though the requirements of the SAQ will vary depending on the particular organization, the intent of the validation tool is clear: to protect consumers' payment card information, to avoid loss of reputation and to prevent potential financial liabilities and litigation. Small and large businesses alike that process payment cards should attain PCI DSS compliance. The costs to comply are low, but the risk for non-compliance and breach could be significant.

For more information on PCI DSS, visit the official PCI Council website. For strategies to comply with PCI DSS and other data protection laws that apply to your organization, contact your Miller Canfield attorney.
