OK, so we know it's unlikely that you considered including PCI DSS compliance in your list of New Year resolutions this year. It's probably not on your radar as much as it is on ours, and besides, it can appear even less appealing than eating healthily and avoiding chocolate, right?
But perhaps you should have a rethink. Cyber attacks are on the rise. In 2016, it is estimated that UK businesses were targeted 230,000 times each on average* with even more predicted for 2017. So why not make this the year that you get to grips with your card payment security and your PCI DSS compliance?
If you’re like the businesses we meet, then one of the following is probably putting you off:
1. You're not sure if PCI DSS compliance applies to you
A common myth is that the PCI DSS regulations are only for big companies and e-commerce businesses handling lots of card transactions. In fact, any business that offers to take card payments needs to comply with PCI DSS, even if it only processes a handful each year.
2. You think the PCI DSS regulations are too difficult to implement
We know from experience that the road to PCI DSS compliance, particularly for smaller businesses, is daunting. For starters, there are the 12 requirements you have to have in place (listed here) in order to comply with the PCI regulations. Then you have to work out which merchant level and compliance validation requirements apply to your business, and if you're eligible for self-assessment you'll need to decide which self-assessment questionnaire (SAQ) you should complete. All of which can be tricky.
For larger businesses that process more transactions, the systems that need to be implemented can be complex and there is often the issue of who will take ownership of the project and oversee procedures as they develop.
There are organisations out there that can offer you the support and expertise you need to make your goal of being PCI DSS compliant in 2017 much easier to achieve. The PCI Security Standards Council provides in-depth information and advice in its document library here. As they say, 'The standard works for some of the world's largest corporations. And it can work for you'. In addition, there is guidance on the process of becoming PCI DSS compliant here on the Visa Europe website.
3. You think that PCI DSS compliance will cost too much
We all know that nothing comes for free. Depending on the procedures that need to be implemented and the changes that need to be made, there may be costs associated with making sure that your business is complying with PCI DSS, from investing in new software or staff training through to expanding your staff resource to oversee the project. That said, these costs will be nothing in comparison to the hefty fine you'll receive should your data be breached, on top of the damage to your business's brand, which may be irreversible.
There are companies, like us, that can help. We provide phone and online card payment platforms that de-scope your systems from your PCI DSS responsibilities so that you don't have to worry about them; outsourcing card handling in this way shrinks the scope you have to validate, though you still confirm that reduced scope through the SAQ that applies to you. We are Level 1 compliant and can create solutions that fit seamlessly with your existing system. You can find out more about us and what we do here.