You’re PCI compliant so now what?

You're PCI compliant. That's great! But what about the other 364 days of the year?

You are PCI compliant. Getting that certification feels good. It can be a frustrating process and is often the culmination of a lot of time and effort. Of course you know that being PCI compliant not only gives you a boost, since your customers know that you take security seriously, but also lessens the chances of a data breach. So, once you are PCI compliant, what comes next?

Well, you shouldn’t rest on your laurels. You remember when you bought a car and were told that its value drops significantly as soon as you drive it off the lot, right? PCI compliance is somewhat the same. Action could be required as soon as you are certified. With security, things change quickly.

Many businesses are geared toward meeting PCI compliance, but what happens in the time between now and the next assessment? Many businesses let their standards slip. In a report on data breaches, Verizon found that every breached business that had been PCI compliant had fallen out of compliance since its assessment. Verizon found lower compliance levels in 10 of 12 metrics.

This does not necessarily mean that anything was intentionally allowed to slip. There is the possibility that something new was added to the system unbeknownst to the powers that be. The audit found a few examples of non-compliance; one involved a lazy IT admin who got tired of going up and down 3 flights of stairs to reach the server and installed a wireless router to access it more easily. This was detected when the organization tried to gain an exemption from the PCI wireless requirement and the rogue network was discovered. Because the company did not know the network was there, it failed its PCI check.

Security is not something that should be forgotten about. A merchant should always be concerned about it, and by staying concerned they will be more conscious of it. The easiest thing you can do is make sure that your computer systems and software are up to date. Keeping data secure can be expensive and it can take time to do properly, but it is not something that should be ignored. Every merchant should strive to be PCI compliant 12 months and 365 days out of the year, not just one day per year.