PCI Compliance Can Help Avoid Costly Data Breaches
September 05, 2018
It’s becoming crucial for companies to take seriously the regulations aimed at safeguarding customer data in this era of data breaches. Leaks of credit card data are a nightmare for customers and manufacturers alike, but luckily the major credit card companies saw the importance of cybersecurity more than a decade ago when they developed the Payment Card Industry Data Security Standard (PCI DSS).
Many of these regulations are commonsense safeguards, such as protecting sensitive data with a firewall. While compliance continues to grow, Verizon recently found that more than 40 percent of merchants have failed to adopt the standards. The standards change regularly, so those already out of compliance can fall even further behind. Let’s examine a couple of common mistakes companies make when taking on a compliance project.
Mistake No. 1: Underestimating PCI compliance reach
These rules don’t just apply to major retailers. Manufacturers and distributors who process credit-card payments are subject to PCI DSS. One of the most common misconceptions about PCI compliance concerns third-party credit card processing. Even if you outsource processing, you are still responsible for your customers’ transactions. Remaining compliant means ensuring that your processor is compliant, too, both at the time of hire and each year thereafter.
Mistake No. 2: Relying on your IT team to manage the entire process
Some of the most critical PCI compliance-focused tasks will require the skills of an IT expert. However, your entire team is responsible for PCI-compliant processes. Maintaining a security policy and requiring that your employees adhere to it is a PCI compliance standard by itself.
Making sure your everyday processes protect data is important. Companies that accept credit card information over the phone and record customer service calls must be sure to edit out sensitive details that customers provide. Printed documents with credit card data need to have those numbers redacted. Email attachments should be deleted once card numbers are collected. You need the cooperation of more than just your IT team to put these requirements into practice.
Keep access limited
Ideally, you can invest in a Qualified Security Assessor to examine transaction processes and suggest solutions. If that’s not possible, limiting data access can make becoming PCI compliant less of a burden. Examine how credit card data flows through your organization to see if any departments can do without access to that information. At the same time, reduce the number of users who can access sensitive data. This trims down the number of processes that need to be PCI-compliant while also reducing the chances of a data breach due to employee error.
Awareness is your best defense
Falling victim to a data breach can have serious consequences. By understanding how PCI compliance affects your operations, reducing the number of departments affected and training those with access to be vigilant, your team can avoid a costly misstep.
Read the full article from Stevie Hay in Manufacturing Business Technology.