A cardholder’s worst nightmare is finding out that their credit card information is being used without their consent.This not only results in personal financial loss, but also in loss of confidence in the card market. For vendors, the negative upshot is not only losing existing customers, but it can affect future business as well. This is because prospective customers may not trust vendors who have had people’s financial information compromised.It goes without saying that credit card data breach also exposes merchants to legal liability.
Simply put, credit card data breaches not only affects individual cardholders and vendors, but also the payment card ecosystem as a whole since it causes customers to lose trust in the system.
Potential liabilities as noted by the PCI Security Standards Council
- Loss of confidence, so customers go to other merchants
- Diminished sales
- Cost of reissuing new payment cards
- Fraud losses
- Higher subsequent costs of compliance
- Legal costs, settlements and judgments
- Fines and penalties
- Termination of ability to accept payment cards
- Lost jobs (CISO, CIO, CEO and dependent professional positions)
- Going out of business
The PCI Data Security Standards (PCI DSS) is a set of standards to help merchants and vendors secure card holder data and prevent credit card fraud. The PCI DSS helps the card ecosystem stay healthy and trustworthy. PCI DSS compliance operates like herd immunity for organizations that accepts or processes credit card payments. The ecosystem is only as strong as the weakest link and it is, therefore, in everybody’s best interest to be protected.
If your organization accepts or processes credit card payments for American Express, Discovery Financial Services, JCB International, MasterCard, and Visa Inc., the PCI DSS is not only a recommendation, it is a requirement. In the worst case scenario of non-compliance and data breach, these card companies may even suspend the ability to accept or process payments cards. Staying compliant not only prevents financial loss but also allows for the continuation of your business.
PCIDSS compliance not only brings with it customer confidence, but also peace of mind that your network security is not compromised.You don’t need to figure out which parts of your network must be secured as PCIDSS specifies these areas. Your only concern will be how to implement policies or products for compliance.
As an example, PCI DSS requirements, section11.4,recommend using an intruder detection system or technique to prevent intrusions into your network. Deployinga network security platform that can provide both intrusion prevention and intrusion detection will help you in complying with this requirement. A good example of a product with these capabilities is LightCyber Magna. LightCyber Magnacan detect threats and displays detailed actionable items, allowing you to quickly remediate the issue. With its behavioral profiling capability, LightCyber Magna is able to identify not only intrusion, but also internal threats –including rogue employees or risky activities.
Staying compliant to industry standards is a important tool in network security. Not only does compliance with the PCI DSS help you in ensuring your network security, but also increases customer confidence in your organization.