Think PCI Compliance is challenging? Try understanding the fines.

The Payment Card Industry (PCI) Security Standards Council is the governing body that establishes the policies all merchants that process credit cards – large and small – must follow. The idea is that by following the requirements set in the PCI Data Security Standard, merchants can better protect themselves against cyber attacks and thieves trying to steal customers' credit card data.

The challenge is that it can be very difficult for organizations to implement the actual DSS requirements, figure out what controls are necessary, and determine which of their systems must be protected. This is especially true for smaller businesses that lack dedicated IT and security staff.

Like anything in the world of IT, much of this evolves over time – from the standard itself, to the card reading technology, to the credit cards themselves. And as columnist Evan Schuman recently wrote in Computerworld, many developments lead to unintended consequences that only add to the complexity.

Think about it. If Home Depot couldn't get it right, what chance does the average mom and pop business have?

Obviously, data breaches and the theft of customers' credit card data are costly events in real dollars, lost business and damaged reputations.

But businesses must also keep in mind that there are costs for being non-compliant with the PCI-DSS standards.

For example, the payment brands – Visa, Mastercard, American Express and others – can fine banks anywhere from $5,000 to $100,000 per month for violations of PCI compliance. The risk is that the bank will pass the fine on down to the merchant. For smaller businesses, such a fine can be crippling.

Non-compliance fines and fees usually follow a merchant being compromised or having some incident that brings their non-compliance to the attention of the card brands.

When a merchant is compromised, many expensive things follow. These include the merchant immediately requiring a full PCI Level 1 validation by a Qualified Security Assessor (QSA) and hiring an authorized forensics incident response firm. Merchants can also be required to pay the card brands a fee for every lost card that must be reissued, the cost of providing customers with credit protection, and other fees. Add it all up, and the total cost of an incident can easily run into the hundreds of thousands of dollars.

To make matters worse, such fines are not imposed or even regulated by PCI, rather they are left up to the discretion of each payment brand. As PCI advises in their FAQ, "For more specific information, please contact the individual payment card brands." But good luck trying to find clear, definitive guidance in any single place on the payment brands' websites.

Fortunately, there is a better way forward.

For smaller to medium-sized businesses especially, all of this risk, uncertainty and potential cost really underscores the value of selecting a trusted partner to assist them with their PCI compliance initiatives.

PCI Level 1 Service Providers like ZZ Servers can securely host a merchant's systems for them – ensuring they pass their PCI compliance audits and then maintaining optimal security on an ongoing basis.

Because it seems the only thing more complicated than figuring out PCI compliance itself is getting clear guidance on the fines for non-compliance. Avoid the risk and work with the experts.
