What is PCI DSS?
The vast majority of stolen data is credit and debit card information. In 2011 alone, some 3.4 million credit card numbers were compromised, according to the Identity Theft Resource Center (ITRC). The massive breaches that make global news—Sony, TJ Maxx, MasterCard, Visa—are typically just that kind of theft, when thousands of consumers’ credit card information is stolen by hackers or malicious software. Security breaches are devastating not only for consumers whose information is compromised, but for the companies as well, which stand to lose millions in current and potential business.
To combat this rising credit-card theft, the five major credit-card companies (American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc.) formed a coalition, the Payment Card Industry Security Standards Council, to create, enforce, and periodically update a set of data-security rules that companies must follow to protect cardholder information.
Who needs to be PCI DSS Compliant?
If you store, process, or transmit credit or debit card information, you are subject to PCI DSS compliance requirements. PCI DSS assigns companies to levels based on the number of payment card transactions they process and on how the organization stores cardholder information.
Businesses that process fewer than 40,000 credit card transactions annually are required by PCI DSS to complete a Self-Assessment Questionnaire (SAQ) to gauge their security and identify any vulnerabilities. The SAQ is a robust, in-depth analysis of a company’s network systems and can run from as few as 13 to as many as 280 questions, which, combined with the vulnerability assessment itself, can be a daunting task for many businesses.
The TopPatch Difference
We are a full-service data security provider that assesses, fixes, and manages your individual security needs so that you stay up to date with the latest technologies. TopPatch has a team of seasoned network analysts who use our proprietary tool set to provide proof to the Security Standards Council that a business is PCI DSS compliant. We also provide the data and network systems that give those businesses a crystal-clear, moment-to-moment picture of exactly how and where their most sensitive data is being used. The management systems we build stand up to PCI’s checkpoints, providing executives, managers, and auditors with a complete and accurate understanding of their network security where it matters most: consumer data.
Why become PCI DSS Compliant?
Financial loss, legal repercussions, and brand damage are all consequences of failing to become PCI DSS compliant. If hacked, non-compliant businesses can face hefty fines from the credit card companies, and legal action is frequently taken, which can result in losses of hundreds of thousands, if not millions, of dollars. No customer wants to purchase anything from a company with a history of stolen credit card numbers.
The latest version of PCI DSS, effective January 1, 2012, requires the following:
• Regular vulnerability assessments of network security systems and processes
• Advanced tracking of network resources
• Comprehensive perimeter protection systems
• Encrypted data transmission
• Development of secure systems
• Restricted internal data access
• Self-Assessment Questionnaires (SAQs)