It's extremely important in the wake of the recent hacking scandals for retailers to confirm that they are in full compliance with the Payment Card Industry Data Security Standard (PCI DSS). PCI was created to provide safety and security guidelines for businesses using credit card processing point-of-sale tools.
PCI was established in 2005 to effectively unify and standardize safety requirements for all major credit card brands. Before that, security standards were established only with regard to specific credit card brands, making adherence difficult and confusing for both retailers and customers.
The new version of the guidelines, PCI DSS 3.0, went into effect at the beginning of 2014. However, company owners are given a year's worth of leeway to learn the new standards. Therefore, retailers can follow the 2.0 rules for the remainder of this year, but must comply with the 3.0 version by 2015.
Security officials are increasingly recommending the dual practice of accepting EMV cards, which are chip-based as opposed to the traditional swipe card, and following PCI rules to the letter. Both of these precautions can greatly reduce the risk of a security breach. Companies will be expected to adopt EMV payment methods by October 2015 in order to fully protect the American consumer.
Mark Burnette recently wrote an article for Help Net Security, stating, "While it may feel like another hoop to jump through at times, the PCI DSS can be a real asset to businesses. The rules provide useful standards for robust and practical data security. When put into place, the rules can help protect you and your customers, making security part of your day-to-day business."
Be sure your credit processing software is PCI compliant, or you could be facing unnecessary financial risks. Noncompliance can result in fines amounting to anything from $5,000 to $100,000 a month, with the cost increasing if your company experiences a security breach.