The TJX incident has become well known throughout the e-commerce community as one of the biggest security breaches in recent years. Starting back in 2005, hackers spent nearly 18 month taking advantage of some insufficient security measures and stole nearly 100 million credit card numbers. The PCI DSS was designed to help prevent security breaches like this, but there is a much larger scope to it, as well.
When TJX was breached and all those credit card numbers were stolen, a few major consequences are readily apparent. The first was the damage done to TJX finances. The company announced that the breach will cost them in the area of 118 million dollars. Other, outside sources, however, estimate the costs as being closer to 1.35 billion dollars.
The second consequence is the damage done to the TJX reputation. Once the news of the breach reached mainstream awareness, how did this affect customer loyalty and consumer trust? This was a huge, national chain. They were supposed to have top notch security. They were supposed to be a safe place to use a credit card. And it turned out they weren't. Once this news comes to a potential customer, will they be as willing to use their credit card there? Will they be trusting enough to leave their sensitive, personal information with the company again?
The third consequence is a little more tangible. Believe it or not, the PCI DSS is for the greater good. In business, that's a pretty difficult concept to wrap a corporate head around. Innovation, competition, positioning strategies to get ahead; these are concepts that make sense to a business. But the greater good? That almost seems completely at odds with normal business practices.
But how viral is suspicion? If a huge company like TJX can be breached, how easily can a smaller company? Or if it can happen to one large company, wouldn't that mean it could happen to any other large company?
These little thoughts can do a lot of damage. As our digital age continues to progress we spend more and more time conducting credit card purchases and card-not-present electronic transactions. This is good for the Payment Card Industry. However, when consumers lose trust in the system, the integrity of the system begins to break down. And this is bad for the Payment Card Industry.
But it's also bad for every individual company who wants to succeed in this modern environment.
If the system breaks down far enough, the damage it could do to your company could be irrevocable.
Enter the PCI DSS.
The Payment Card Industry Data Security Standard was designed by the five major credit card companies to ensure a certain standard of security for credit card transactions. There are 12 requirements to the PCI DSS made up of over 200 individual security controls. The Payment Card Industry mandates that any company that stores, processes, or transmits sensitive credit card data must be PCI compliant. But PCI compliance does not come easily, and fully implementing the security measures can be time consuming and costly.
So is it really worth it? Will it really help your company if you expend vital resources toward PCI DSS compliance when there always seems to be more immediate problems?
Immediate problems demand immediate attention. And while the PCI DSS seems like a great idea in theory, it can often take a back seat to those immediate problems.
The greater good just doesn't seem to have a place in all that.
But the fact is that long term success depends on creating an environment where customers can feel safe. An "environment" is something much larger than a single merchant. And this environment can only be created when everyone is PCI DSS compliant.
About the author:
Andy Eliason is a writer at Main10, Inc. If you'd like to learn more about the PCI DSS or how your company can reach PCI compliance, visit Braintree Payment Solutions today.
Article Source: http://www.Free-Articles-Zone.com
