One of the most valuable commodities in this day and age is your own personal information. The more we make purchases over the Internet or over the phone, in other words: not in person, the more important that information becomes.
However, as security breaches receive more coverage and are more well known to the public, trust in the current security measures is coming into question, and the need for stronger security and standardized tools and controls became necessary.
Enter the PCI DSS, or Payment Card Industry Data Security Standard. This was created by the five major credit card companies as a guideline to help merchants and other companies implement the necessary hardware, software, and other procedures to guard sensitive credit card and personal information.
The encouragement to achieve PCI compliance comes in a couple different forms: benefits and mandates. The mandates are the requirements of PCI compliance, and attached to them are some very strict and specific penalties. These could include fines as high as $500,000 per incident, and the loss of the ability to accept credit cards at all.
On the other hand, there are a number of PCI compliance benefits that should be as much of an incentive, if not more so, than the penalties. It merely requires a proactive understanding of the long term benefits of compliance. Some of these benefits, you will find, are somewhat more intangible than others, but that doesn't make them any less valuable.
The first and most obvious benefit of PCI compliance is a simple matter of trust. What if your company was the one that recently suffered a major security breach? What if you had to live with the stigma of "the company that lost thousands of credit card number"? Could you ever live it down? Could you survive the fallout?
A giant company may be able to weather the storm (as has been seen in some recent cases), but most companies need to focus on building lasting trust from the beginning. Being PCI compliant can help you achieve this.
More tangibly, merchants who are PCI compliant are offered protection from the fines if you should happen to be breached. If you are compliant at the time you suffer an attack, you can have a sort of safe harbor.
At the moment, these "carrots and sticks", or mandates and benefits, are assumed to be enough to encourage merchants to gain PCI compliance. But if it turns out, in fact, to not be enough, the PCI Security Standards Council will likely change the measures of encouragement. The reason for these measures is that trust is the only thing that will propel the online industry forward. If customers lose their trust in the system, they will find alternate methods to do business.
It is a difficult thing in the naturally competitive environment of online business to consider something as nebulous as "the greater good", but in a world where personal information is so valuable, creating an environment where that information is utterly secure should be a top priority.
Andy Eliason is a writer for Main10, Inc. If you'd like to learn more about PCI compliance, or how to become PCI DSS compliant, visit Braintree Payment Solutions today and find out what they have to offer.