PCI DSS are six little letters that seem to confuse, frighten and frustrate in equal measure. We explain the what and how of data security, but most importantly the why.
The Payment Card Industry Data Security Standard (PCI DSS) is about protecting sensitive card data. That’s principally the account number, expiry date and three-digit security code.
Criminals love to get their hands on this information. They can use it to make fake cards, to get cash out of ATMs or buy things to sell on. Sometimes they sell the data itself to others who do this.
If they can steal all the data from the card’s magnetic stripe and customer PIN numbers, so much the better. It’s worth more on underground forums because buyers can do more with it.
It’s a criminal’s job to be cunning and resourceful. They look for card data wherever it is – on point-of-sale systems, back-end servers, databases or even card terminals – and steal it any way they can.
PCI DSS has 12 requirements for securing card data. So yes, PCI DSS is about security and thwarting professional data thieves. But more importantly it’s about trust.
This is one of the great intangible assets of business in the 21st century. Trust is difficult and time-consuming to build but all too easy and quick to lose. Trust is as important to small companies as it is to big ones, perhaps even more so.
It’s the same with data security. When competitors are only a click away online, PCI DSS is about your ability to trade and keep trading. It drives business resilience, securing your customers’ trust as well as their data, and protecting your brand and reputation. Ultimately this flows all the way to your bottom line.
Almost every business today is in the data business to a greater or lesser extent. Every business holds data on customers, staff, suppliers and partners. Most hold payment card data. Almost every business also holds blueprints, technical specifications, strategic and marketing plans.
If something has commercial value to your business, it also has commercial value to someone outside your business. Securing your data, whether it’s sensitive card or non-card data, makes good business sense. PCI is really just good BAU.
How Cashflows can help
Cashflows is here to help with any questions you have about PCI compliance. Simply email the team at firstname.lastname@example.org, or speak directly to your dedicated account manager.