The Payment Card Industry Data Security Standard (PCI DSS) was created to help guide companies toward higher standards of security to protect sensitive cardholder data. Any company that accepts, stores, processes, or transmits sensitive credit card information is required to be PCI compliant or risk a range of stiff fines and penalties – including the loss of the ability to accept credit cards at all.
Planning ahead, then, and preparing your company for the necessary changes required by the Payment Card Industry Data Security Standard is just good business sense.
There are a number of ways to do this. If you're a new company you can include PCI DSS measures from the beginning. If, however, you are a more established company, you must plan for making a relatively painless switch – or risk having a very painful switch forced on you later.
To help companies comply with the Payment Card Industry Data Security Standard, the PCI SSC offers tools that can assist you in becoming compliant. One of these tools is the PCI DSS Self Assessment Questionnaire (SAQ). It not only helps you recognize the aspects of compliance that you may still need to work on, but also lets you demonstrate your compliance with the PCI DSS.
Good documentation is one of the best things you can do for your company. On the road to Payment Card Industry Data Security Standard compliance, you will be expected to be able to show your compliance or, at least, the steps you are currently involved in to reach compliance.
Auditors and bureaucrats – just hearing those names is enough to make some business owners cringe. Nevertheless, they are part of becoming compliant, so they can't always be avoided. Luckily there is nothing an auditor or bureaucrat likes better than a healthy pile of documents to sink their teeth into. By documenting every step you take, and what you've done to plan for the next steps, or to comply with the controls, you can make compliance a little less painful.
On the PCI SSC website you can download some documents that can help you plan and prepare for your compliance. These are the Self Assessment Questionnaire, the standard requirements, and the security audit procedure.
When it comes to credit card data security and the documentation that goes along with it, the old saying holds true: "It's better to have and not need than to need and not have."
Yet despite the mandates of the PCI DSS, many companies have still not taken the necessary steps to be PCI compliant. The excuses can be many and varied, including the popular standbys: it's too complex, it's too expensive, it's unlikely, given the percentage of breached to non-breached companies, that my company will be targeted.
The unfortunate truth here is that the Payment Card Industry Data Security Standard can be complex, and it can be expensive to implement. And, generally speaking, most businesses get so caught up in the day-to-day workings of their company that the thought of spending a great amount of money and resources on defending against an attack that may never happen is a hard thing to justify.
The one thing to always keep in mind here is how much worse the alternative would be. If that attack should ever come, not only will you suffer the loss of possibly hundreds of thousands of dollars in fines and penalties, but you will also find yourself with a damaged reputation that could prove irreparable. And that could create a loss that is incalculable.
The same goes for your documentation. If you should have trouble along the road to the Payment Card Industry Data Security Standard, such as a breach or other intrusion, you will be able to show the security council that you were, in fact, doing everything within your power to become compliant.
"You never know" scenarios are never easy sells in the business world. But as we advance further into this digital age, that may be exactly what is needed.
About the author:
Andy Eliason is a writer at Main10, Inc. If you'd like to know more about the Payment Card Industry Data Security Standard, or becoming PCI compliant, visit Braintree Payment Solutions today.
Article Source: http://www.Free-Articles-Zone.com