If you already know about PCI Compliance but are yet to take action, then you need to really understand the importance of PCI Compliance and how it can save you money and make you money. The Payment Card Industry Data Security Standard (PCI DSS) is a collaborative effort to achieve a common set of security standards for use by entities that process and store payment card data. There has been a lot of talk about how effective PCI Compliance is and whether it will really protect you and your customers. What you need to remember is that PCI Compliance is not the be-all and end-all of security. Security is a mindset, and nobody can ever say that they are perfectly secure. PCI Compliance is the first step to building up your security by following the current security standards and scanning your servers for vulnerabilities. Here are some great statements by Michael Dahn of PCIAnswers.com about Compliance vs. Validation and Compliance vs. Security:
“There is a difference between ‘compliance’ and ‘validation’. Compliance is a state of being, one that must be maintained at all times. Validation is a point-in-time check on that state of compliance. The example I give is auto insurance. In order to comply with state laws I must maintain auto insurance at all times. When I go to register my car I have to show proof of insurance. I am validating my compliance with the law. What if I decide to cancel my insurance because it costs too much? Am I still compliant? No. Now, I still validated, but remember validation is a point-in-time while compliance is measured day by day.

Another thing to remember is that compliance, even the continuous state of compliance, does not equal security if not done right. If a company focuses on check box compliance and doing the minimum they may be able to complete the baseline audit, but does that mean they are properly managing their risk and protecting payment card data? Let me explain, I’ve asked many people, “can a firewall be used to segment a network?” Everyone agrees YES, but they are wrong. Only a properly configured firewall can segment a network. So if I check the checkbox saying that something is out of scope of the audit because it is segmented off, the question remains: was it properly
segmented? Did you really eliminate known attack vectors?”

So ask yourself what your mindset is and where you are with the PCI Compliance and security realms of your business. Becoming compliant and secure takes time and some money, let’s be honest. The money and time you spend will save you in the long run, and here is why.
• First of all, if you are hacked and something does happen with your customers’ personal and private information, you could potentially be liable for the money and information lost. Also imagine the PR nightmare.
• Next, think of all the sales that you are missing out on by failing to provide trust and confidence to your visitors, because you are not showing them that your site is secure and that they can trust you.