PCI Compliance: What Is It? And Why Is It Important?

Maggi, June 30, 2014

This is the fifth and final post in our series about data security for small businesses. To find out more about the series and see a list of posts, go to A Terrifying Statistic for Small Businesses. You can also read our previous posts on encryption for businesses, backing up your small business, password protecting your business and protecting your business in the cloud.

As more and more businesses accept card payments, compliance with the Payment Card Industry Data Security Standard (PCI DSS) is becoming increasingly important in protecting both businesses and consumers from data theft and fraud.

PCI DSS is a set of security requirements that apply to any business that stores, processes or transmits cardholder data, whether payments are taken online or in person. Becoming compliant reduces the chance of losses through fraud and helps protect your reputation with your customers.

Do you remember when the US store chain Target had a data breach last year? Around 40 million credit and debit card numbers were stolen, and personal information for a further 70 million customers was exposed. How did this affect Target? Its Q4 profits dropped by 46% from the previous year, and the chief executive resigned. It should be obvious why meeting the PCI standard is a must.

However, according to the Sage Payments Landscape 2014 report, only 38% of businesses thought they were PCI compliant; 42% didn't know whether they were, and 21% admitted they were not. That is a lot of businesses at risk, both of data theft and of a serious dent in their reputation.

Luckily, there are practical steps you can take to make sure your business is compliant with the PCI standard:

Assess: identify every place where cardholder data is held or handled, including logs, backups, exports and spreadsheets, not just the payment application itself. Take an inventory of your IT assets and payment systems and examine them for weaknesses that could expose your customers' data.

Remediate: fix the vulnerabilities you found, and do not store cardholder data unless you absolutely need to. The less cardholder data you hold, and the shorter the time you hold it, the less there is to steal. Sensitive authentication data such as the CVV code and full magnetic-stripe track must never be stored after a transaction has been authorized, and a card number that does have to be kept or displayed should be masked or truncated.

Report: submit the required validation records and compliance reports to your acquiring bank and the payment brands you work with. This builds trust between everyone involved and helps make card payments safer for everyone.

At SmartTrade we make every effort to ensure that we are compliant and that our users' data is secure. If you'd like to find out more about how to make your business PCI compliant, start with the PCI DSS Self-Assessment Questionnaire (SAQ).

Image credit: Lendingmemo via Flickr
