What Businesses Need to Know About PCI Compliance infographic

What is PCI Compliance?

The Payment Card Industry Data Security Standard (PCI-DSS) is a compliance specification that is intended to help merchants and organizations operate a secure infrastructure that can be used for payments and transactions.

According to a new study conducted last month by Lightspeed Research, PCI compliance is far from ubiquitous among small businesses. The study found that 22 percent of small business retailers were not PCI-DSS compliant, and 14 percent were not sure whether or not they were compliant.

It is alarming that so many respondents were unaware of their network security posture and PCI-DSS compliance status, because customers’ sensitive information and business integrity are at stake.

PCI compliance is different from a state or federal legislative mandate. It is enforced by credit card issuers such as Visa and MasterCard, not by the PCI Council that created the standard. Therefore, if a business conducts transactions using credit cards, it must be PCI compliant.

False Sense of Security

The study also found that 55 percent of the respondents were not aware of the security breach disclosure requirements in their state. And when it comes to having a policy to meet those requirements, 40 percent said they had no such policies in place.

As to why PCI-DSS compliance among small businesses is not higher, the size of the organization could be a factor, because a lot of small business owners believe they are too small to be hacked. They believe hackers attack only high-profile businesses like Target. That belief gives business owners a false sense of security, because everyone is at risk of an attack. In fact, hackers find small businesses worthwhile, because they offer the best ROI.

What Should Businesses Do?

The first step to understanding how to secure your business is to educate yourself on PCI compliance, the major threats to security, and how to overcome them. Security isn’t just a firewall; it’s an overall mindset.