Channel: SMGraves Creative Associates » Insurance

SMG Cyber Liability Tip: What is the PCI Standard?


A common misperception is that completing a PCI compliance exercise means you are ‘in compliance’ and can rest easy for another year.

What is PCI Compliance?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment. Essentially, that means any merchant that has a Merchant ID.

It is important that you and all of your employees understand what PCI compliance truly means. The exercise of determining your PCI compliance is designed to let you know whether all reasonable steps are being taken to keep your customer transactions as risk-free as possible. The exercise is simply a snapshot in time. It may be perceived as an indication of your potential for executing best practices. Remember that PCI compliance is an ongoing state, and a positive result from a review shows only that snapshot. When a breach occurs, almost by definition, your company is not “compliant.”

What PCI Compliance is not.

It is not in any way a certification of compliance. Nor, in a real-world sense, does it mean that you and your employees can rest easy for another year, ‘off the hook’ for dealing with cyber liability/data breach issues stemming from an electronic financial transaction through your firm. The best solution for minimizing your risk in processing financial transactions is to maintain diligence in your employees’ awareness of appropriate processes.

What do I need to do?

1) If you are new to the game, review in great detail the Standards for PCI SSC.
2) Maintain proper training of all staff who handle merchant transactions.
3) Ensure all required reviews are done regularly.
4) When purchasing cyber liability insurance coverage, ensure you are not subject to a PCI warranty. Some insurers’ applications contain PCI warranties outside the policy form. Whenever possible, negotiate or tell your agent you strongly desire to avoid such a stipulation.

More insurance information can be found in my article Cyber Liability Part II: Insurance.

Scott Graves is passionate about helping business owners.  Tune in to his show ‘The No Boundaries Radio Hour’ with co-Host Dennis Mannone on the No Boundaries Radio Network.  Meet him at the crossroads between strategy and innovation at scott@smgravesassociates.com or twitter @smgcreative.


