k-eCommerce is proud to announce that it is officially PCI DSS 3.1 compliant. We take online security very seriously, which is why, since 2013, we have followed a formal audit process to ensure our compliance with this very important security standard. This means that anyone selling with k-eCommerce can feel confident that their customers’ credit card data is handled with the utmost security.
What is PCI DSS 3.1?
PCI DSS is a security standard enforced by the PCI Security Standards Council. The council was created in 2006 by major payment card brands such as Visa and MasterCard to enhance payment data security and prevent related crimes. PCI DSS 3.1 is a set of requirements that applies to many aspects of online payment processing, including security management, policies, procedures, network architecture and software design. Together they greatly reduce exposure to credit card fraud, hacking and other related threats. Among other things, this certification requires us to implement the following under strict guidelines:
- Build and maintain a secure network and systems
- Protect cardholder data
- Maintain a vulnerability management program
- Implement strong access control measures
- Regularly monitor and test networks
- Maintain an information security policy
What’s New in 3.1?
Overall, the changes from PCI DSS version 2.0 to 3.1 adopt a more proactive approach to protecting cardholder data. The focus shifts toward security rather than compliance, so that protection becomes a business-as-usual practice.
- SSL and TLS 1.0 are no longer acceptable protocols; at least TLS 1.1 is now required
- Penetration testing must follow the NIST SP 800-115 methodology. Extensive penetration tests of the cardholder data environment are required to confirm that segmentation methods are operational and effective
- New requirements strengthen the secure coding practices that protect against broken authentication and session management
Why is it important?
If you are running a business, you need to ensure that your customers’ information is protected. If the PCI DSS 3.1 requirements aren’t met, your business can suffer dire consequences, both financial and reputational. The average cost per record of data breached is $202. Breaches are not caused only by hackers: when strict compliance policies are not kept in place, human error can also lead to a breach. The moment a merchant is suspected of a breach, they are subject to a forensic audit that can cost anywhere from $8,000 to $20,000. Add to that the cost of replacement cards ($3 to $10 per card), compliance fines ($5,000 to $50,000), fines associated with the fraudulent use of those cards, and the loss of revenue from having to shut down your operations for several days. After a breach, you can also be certain that customers will have lost confidence in your business and will not want to purchase from you. Being PCI DSS compliant means that these risks are greatly reduced and your business is protected from major losses or even bankruptcy.
k-eCommerce’s PCI implementation is designed to protect customer information and takes a proactive approach to securing confidential data. If you have any questions, we invite you to contact us at your convenience.