Sunday, January 20, 2013

Business Protect Its Customers

The Payment Card Industry (PCI for short) regulates the payment card data security process. PCI, first introduced in 2006, provides merchants with guidelines on how to prevent, detect and react to security breaches. PCI compliance is designed to give merchants' customers the comfort that their data is protected. Last year a survey revealed that PCI compliant businesses are less likely to experience data breaches. However, it also showed that 85% of businesses experienced a data breach in 2011.

While the industry has run high-profile campaigns to educate businesses about the requirements, some, particularly SMEs, still find PCI compliance difficult to understand. Many of the letters of explanation sent by card services providers are full of incomprehensible jargon and make compliance seem complicated, when in fact it is very straightforward.

Why PCI Compliance?

Quite simply, merchants need to understand that every time they take a card payment, personal data is captured and processed. If that data is not held securely it could be subject to fraud, which can be costly for both the business and its customers. What's more, PCI applies to every merchant that takes card payments, whether that is a freelance hairdresser or a company selling its wares online.

How to become compliant

Many merchants avoid PCI compliance due to the perceived time and expense it entails. In reality, becoming compliant can be very easy. Merchants need to demonstrate their compliance by being certified by an independent Qualified Security Assessor (QSA), and this certification should be renewed annually. Online businesses may also be asked to undergo a vulnerability scan. This requires them to log into a website which will assess whether there are any holes in their security that need resolving. The time taken to achieve compliance will vary according to the number of security threats revealed by the scan.

How much will it cost?

Charges are difficult to predict. They depend on factors including business type, the number of transactions processed annually and existing IT infrastructure. Online and telephone order merchants can generally expect to pay more than face-to-face retailers.

How do I prepare my business?

Traders can also ease the process of compliance by ensuring basic security is in place when handling card transactions. They should, for example, use regularly updated anti-virus software, train their staff on security issues and properly secure any media that holds personal data.

What if I don't comply?

If businesses avoid PCI, the cost, in terms of time and money, could be detrimental. Merchants breaching data security face significant fines, extensive legal fees and long-term damage to the reputation of their business. And, while PCI DSS is not a legal requirement, non-compliant businesses can have their right to handle card transactions withdrawn.

Small businesses shouldn't feel alone in PCI compliance. Seeking out a card services provider that will help with the administration is a valuable first step. The best will provide support, taking merchants through the set-up process, and will work hard to minimise costs. It is important to remember that PCI is no longer a choice. Large businesses might recover from the effects of a security breach, but for SMEs and start-ups, the consequences can be crippling.
