Achieving PCI DSS compliance might sound daunting, but it is a valuable tool for fraud prevention and data security. It applies to most businesses, and being PCI DSS compliant is effectively non-negotiable for many organisations.


The rest of this article is focussed on answering the most common questions business owners and operators have about PCI DSS compliance, including its benefits, costs and consequences for non-compliance.


What is PCI Compliance? 

The Payment Card Industry Data Security Standard (PCI DSS) is a framework that can apply to all companies that use credit card information. If you sell products or services to customers and allow them to pay via credit card, then the standard applies to you.


The purpose of PCI DSS is to have a standardised set of rules that govern how customer credit card information should be processed, stored and transmitted. These are designed to reduce credit card fraud. The framework was created in 2004, and it is managed by the PCI Security Standards Council.


What are the top 5 benefits of PCI DSS compliance?

Getting PCI DSS compliant might seem like a big undertaking. So, you might understandably be asking ‘what is the benefit to my business from doing this?’.


There are five major benefits that PCI DSS compliant businesses have over those that are not:

  1. Demonstrated security - By having the PCI DSS ‘tick’ you can demonstrate to your suppliers and customers that you have the highest level of payment information security with reference to a long-established and trusted industry standard.
  2. Vigilance - Attempts to steal data and money are not going to go away. PCI DSS compliance is ongoing, which means it helps you proactively identify and eliminate weaknesses in your processes. That in turn makes you less likely to suffer data theft and the loss of your customers' most sensitive payment information.
  3. Reputation - Reputation and trust are hard to establish and maintain. Holding an industry recognised compliance certification can signal to your stakeholders that your business is committed to the highest standards.
  4. Time saving - The steps that you take to obtain your PCI DSS compliance can also have benefits for other mandatory and optional certifications that prove your organisational security and efficiency. The processes and procedures you put in place to get this certification can often be used to streamline other applications.
  5. Cost - There are obvious indirect cost savings from proactively preventing the issues that come from data breaches. There are also likely to be direct cost savings for things like insurance premiums that cover financial loss from malicious actions if compliance with independent standards is demonstrated. 


Is PCI DSS mandatory? 

In practice, yes. The PCI DSS applies to any organisation that acquires, stores or transmits cardholder data. That means that, theoretically, a business that has a single transaction from a single cardholder for any dollar value is included.


Even though it is not the law in Australia, the way this effectively becomes mandatory is that companies like Visa or Mastercard include terms in their contracts requiring compliance with the standard in order to access their card networks.


What if a company is not PCI compliant?

On a practical level, not being PCI compliant will probably mean that you won't have access to one or more of the major card networks. With Visa and Mastercard issuing the vast majority of all credit and debit cards in Australia, that would be a major hindrance to any business.


Non-compliance with the standard can result in the governing body for the PCI DSS fining the bank of the organisation between $5,000 and $100,000 per month. The bank would typically pass on this cost to the offending organisation.


Who regulates PCI DSS?

The framework was created in 2006, and it is managed by the PCI Security Standards Council. That council was created by and is still funded by the major card networks (e.g. Visa, Mastercard and American Express). These founding card networks are also responsible for enforcing compliance with PCI DSS.


How can I get PCI compliant?

PCI DSS compliance is a valuable asset for any business, and it gives you additional benefits when it comes to preventing card fraud that could hinder or harm your business and its relationships.


As information management and cyber security specialists, CyberUnlocked are experts in helping businesses get their processes and data security right to increase their chances of getting their PCI DSS compliance faster, and with less fuss.
