PCI Data Security Standard Myths
The topic of the PCI Data Security Standard is quite popular in the credit card industry these days. Much has been said and commented upon, and some of it may have you concerned, but you should know that not all of it is fact. To really grasp PCI DSS, one needs to be able to distinguish the many myths from the facts that surround it. Listed below are five myths of PCI compliance that you may have come across.
Myth: PCI compliance is too hard and too expensive
Understanding the PCI Data Security Standard can be confusing, but in reality PCI DSS is just basic security practice that any business should follow anyway to protect sensitive information and the stability of its operations. There are many services and products available to help businesses meet the 12 requirements of PCI DSS. When people call PCI “too hard”, what they often really mean is that compliance is “too expensive”. But the cost of non-compliance may far outweigh the cost of compliance: consider the cost of getting your business back up after a security attack, not to mention fines and legal fees.
Myth: PCI Scanning is enough security
PCI scanning is just part of it. Security attacks are constant and grow more sophisticated all the time. PCI compliance efforts have to be a nonstop process of evaluation and remediation to ensure the safety of cardholder data.
Myth: PCI compliance is an IT project
In a business, the IT staff implement the technical and operational projects of the business. But PCI compliance is much more than just a project. It is an ongoing program that includes assessment, remediation and reporting. The risks of a compromise are financial and reputational ("brand") and therefore affect the institution as a whole.
Myth: PCI compliance is unreasonable and requires too much
Many aspects of PCI are already common practice. The standard actually permits compensating controls to meet a requirement. PCI DSS significantly benefits merchants, because it gives you that extra security, not to mention that it is required. Why wouldn’t you want something to help you avoid the risks associated with non-compliance?
Myth: We don’t accept enough credit card payments to require PCI compliance
Even if you process just one card transaction, PCI compliance applies to you, because it is required of any business that accepts card payments.
Hopefully these facts concerning some of the myths you have come across will help you be able to become PCI compliant. You should know that complying with the PCI Data Security Standard is required, so don’t delay.
Great PCI Links
- PCI Compliance from Trust Guard: Trust Guard Website Verification and PCI compliance improve credibility, build customer trust, and increase conversions and sales! Compare us to McAfee Secure (Hacker Safe), Truste and Control Scan and save!
- Website Verification and Trust Seals - Zimbio: Learn how to make your website safe for your online customers. You can increase sales by building confidence and trust in consumers by using trust seals.
- PCI Security Standards Council: All your questions answered about the PCI data security standards and PCI compliance.
Comments
A little more for me to understand, but I am getting there. I will follow up on some links to try and get my head around it all, but thanks for sharing this with me.
websitesecurity says:
5 months ago
There is so much out there on PCI Scanning right now and it's hard to know what's true and not true, so this is definitely a big help!