In the wake of headline-grabbing thefts of confidential data from large retail and financial institutions during 2008, the Payment Card Industry (PCI) Security Standards Council (founded by industry leaders like American Express, Visa and MasterCard) has revisited the Data Security Standards (DSS) established in 2007. Its findings have produced new, tougher guidelines: standards that will require many businesses engaged in e-commerce, large and small, to make additional investments in their data protection systems.
Spurred by the need to shore up security and bolster consumer confidence in Web-based business transactions, the new measures, Version 1.2, will kick in after the first quarter of 2009, and will affect any company that uses e-commerce transactions. Compliance with the PCI standards will be virtually mandatory because the large credit card companies will require all merchants and businesses that process, store or transmit payment data on behalf of their cardholders to comply with the tougher PCI data security standards. In other words, if you want to continue to do e-business with the card holder companies, you’ll need to meet the standards they set.
It is important that small business owners review the PCI Security Standards Council’s Version 1.2 requirements carefully, seeking the help of outsourced technical experts, if needed, to make sure their systems are in line with the tougher specifications. Here’s an overview of the changes:
Security threats to online transactions will continue to evolve. The money involved in making technology upgrades pales in comparison to the cost of making restitution for stolen customer data, and to the loss of public confidence in Web-based businesses. Today’s merchants have no option but to keep current and stay one step ahead of the data thieves.