Most retailers today will likely be familiar with the concept of the Payment Card Industry Data Security Standard (PCI DSS) – a set of rules and regulations set down to ensure the security and confidentiality of consumers who utilise debit and credit card payments.
However there are still many myths and misconceptions regarding PCI DSS compliance that can act as potential pitfalls for unwary business operators.
Here are three of the most common PCI DSS myths.
Once I have achieved compliance, my work is done
Some retailers believe that once they have achieved PCI DSS compliance, they do not need to concern themselves with the issue of payment card security anymore.
However, the nature of PCI DSS compliance is that it is an ongoing requirement, and businesses are required to constantly adhere to these regulations.
Because modern cybersecurity threats are frequently evolving and adapting, it is important not to allow your business to fall behind when it comes to PCI DSS compliance and vulnerability management.
Adhering to the PCI DSS is too expensive and too difficult
Because the PCI DSS is not a one size fits all standard, it will differ depending on the size and nature of each individual retailer.
This can make it confusing for some organisations who do not entirely understand what their requirements are and what they need to do to achieve PCI DSS compliance.
Some retailers also make the mistake of thinking that PCI DSS compliance is too expensive and not worthwhile in the long run, choosing instead to risk the potential fines and legal action that can occur.
In reality, the cost of failing to achieve proper PCI DSS compliance and vulnerability management is significantly higher than the expense of adhering to these regulations.
There are many services available to assist your organisation with meeting its responsibilities, and the resulting benefit to consumer confidence and security should not be undervalued.
The PCI DSS only applies to larger organisations
Many of the more publicised examples of failure to adhere to the PCI DSS refer to larger organisations, multinational corporations that process many thousands of payment cards every day.
Small businesses should not make the mistake of thinking that this means they are immune to PCI DSS compliance, however.
Any retailer who accepts credit or debit card payments – be they operating purely in the online sphere or via a standard brick-and-mortar store – must ensure PCI DSS compliance at all times.