In today’s global economy, commerce, technology and data come together in the form of a thin rectangle of plastic — the ever-present credit, debit or payment card. These cards are used approximately a billion times a day, which translates into a lot of activity and a lot of data about the card, the cardholder and the transactions. And with the increase in security threats, it’s critical that organizations in the payment card industry develop and maintain secure systems.
Fortunately, there are technical and operational standards, called the Payment Card Industry Data Security Standards (PCI DSS), that govern how sensitive personal and financial data is handled, processed, stored or transmitted. The PCI Security Standards were developed by the five major card brands (Visa, American Express, MasterCard, Discover and JCB International) to ensure that all companies that accept, process, store or transmit payment card information maintain a secure environment.
The standards apply to merchants of all sizes, financial institutions, point-of-sale vendors and hardware and software developers who create and operate the global infrastructure for processing payments. And anyone who works with payment cards or payment card transactions needs to comply with the standards and requirements and complete annual PCI DSS training.
The standards consist of six goals, each with its own requirements: building and maintaining a secure network, protecting cardholder data, maintaining a vulnerability management program, implementing strong access control measures, regularly monitoring and testing networks, and maintaining an information security policy.
While having the required processes and procedures in place is critical to protecting the integrity of cardholder data and payment card transactions, the human factor is just as important in detecting payment card fraud. Conversely, one careless or uninformed decision can disrupt an organization’s operations and impact the entire payment ecosystem.
Further, the consequences of violating the PCI Data Security Standards can be severe. Penalties imposed by the payment card companies for violations can range from $5,000 to $100,000 per month, and organizations can lose the ability to accept payment cards.
Regular PCI awareness training ensures that employees and managers understand their role and responsibilities in safely handling cardholder data, recognizing the red flags of fraud and promptly reporting any potential problems. Training is also an effective tool for communicating and reinforcing the organization’s PCI compliance policy and procedures.
Data security and data use principles are no longer the sole province of the IT department. They go to the heart of virtually every part of the organization, and all employees have a role in maintaining data security and avoiding the negative consequences of noncompliance. For any organization that processes payment cards or handles cardholder data, providing regular PCI training to employees and managers is a cybersecurity imperative.