Next Merchant Challenge: PCI Compliance

In an age where identity theft is on the rise and unsettling, large-scale breaches of security are making headlines all over the place (such as the infamous hacking of Sony’s PlayStation system earlier this year), the Payment Card Industry (PCI) is now requiring that all merchants who accept Visa, MasterCard, American Express, Discover, and JCB cards make their systems PCI Data System Security (DSS) compliant. This is according to a recent article by Reuters.

Reuters also reports that PCI DSS compliance entails putting a set of 12 specific security requirements into effect that serve to protect credit card data as well as secure payment applications and PIN devices. This, according to www. pcicomplianceguide.org, “applies to ALL organizations or merchants, regardless of size or number of transactions, that accepts, transmits or stores any cardholder data.”

These requirements must be met immediately or merchants, again according to the aforementioned website, “may be subject to fines, card replacement costs, costly forensic audits, brand damage, etc., should a breach event occur. “ In and of itself, PCI DSS compliance is not a law.

Nor does PCI DSS compliance necessarily mean, according to the general manager of the PCI Security Standards Council Bob Russo, that a merchant or organization is properly secured. In an email interview conducted by Zdnet, Russo stated, "organizations must go beyond simply striving for a Report on Compliance (ROC) and focus on strong security measures. Compliance and security are two separate things. You need to build security into your daily business process."

What PCI DSS compliance does do, however, is go a long way towards increasing the odds a merchant’s system won’t be hacked. "It is a solid group of recognized best practices that can be used as the foundation for a more comprehensive security program," explains Russo.

Whatever changes must be made to comply, it certainly behooves merchants to implement PCI DSS. As Russo points out on this subject: "your customers, your shareholders and those that you do business with all have a certain expectation of diligence, if they trust you with certain sensitive data. You must do everything you can to honor those obligations because if you lose the data of your customers, you can suffer financial damages and the tarnishing of your brand."

Do you want to take any risk on your personal brand? You decide, in the end. Something very basic to you- your identity- is left hanging on the line. PCI Compliance might be your best bet.

Bryant Park

Bryant Park is a financial consultant for one of the companies listed on Wall Street. He writes on a variety of topics ranging from credit cards to different loans that can be availed by consumers. He holds a bachelor degree in Financial Services from Dartmouth College.