When handling sensitive information like cardholder data, it is an absolute necessity to conform to the strictest security standards. k-eCommerce is proud to announce that they have met all the new requirements and are once again certified as a PCI DSS 3.2 Level 1 Service Provider.
What is PCI?
Founded in 2006 by major credit card companies like Visa and MasterCard, the Payment Card Industry (PCI) Security Standards Council was established to help evolve and promote the implementation of worldwide security standards (known as PCI DSS) to safeguard cardholder data.
What has changed in PCI DSS 3.2?
Here is a list compiled by PCIC highlighting the significant changes:
- The extension of the SSL/early TLS dates to June 30, 2018, will be reinforced.
- Multi-factor authentication requirements for accessing the cardholder data environment, which were already in place for remote access scenarios, will be extended to include local access.
- Service providers will undergo additional scrutiny of their change management processes, and penetration testing will be required on a more frequent basis.
- There will be some new appendices in the DSS, including one dedicated to SSL/early TLS and one that brings DESV requirements into the DSS.
- Rules for displaying card numbers will be modified to accommodate an upcoming change to card number standards.
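The last item above concerns how much of a card number may be shown once it leaves the secured environment. PCI DSS 3.2 Requirement 3.3 caps a displayed PAN at the first six and last four digits (a fact about the standard, not something this article states). The Python below is an added illustration, not k-eCommerce code: it masks a PAN to that limit, refuses requests to show more, and includes a small scanner that flags unmasked PANs in free text such as log lines, using the Luhn check to avoid flagging ordinary numbers. Field names, the sample PAN (a well-known Visa test number) and the sample log line are constructed for the example.

```python
import re

# Maximum digits PCI DSS 3.2 Req. 3.3 allows to be displayed (stated as a known fact).
MAX_LEADING = 6
MAX_TRAILING = 4


class PanError(ValueError):
    """Raised when input is not a plausible PAN or a display request exceeds the cap."""


def normalize_pan(raw: str) -> str:
    """Strip spaces and dashes; require 13-19 digits, the range real PANs fall in."""
    digits = re.sub(r"[ -]", "", raw)
    if not digits.isdigit():
        raise PanError("PAN contains non-digit characters")
    if not 13 <= len(digits) <= 19:
        raise PanError(f"PAN length {len(digits)} is outside 13-19 digits")
    return digits


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: true for every genuine PAN, false for most random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(raw: str, leading: int = MAX_LEADING, trailing: int = MAX_TRAILING,
             mask_char: str = "*") -> str:
    """Return a display form of the PAN.

    Callers may show fewer digits than the maximum (e.g. leading=0 on a receipt)
    but never more; the guard stops a caller from quietly widening the display.
    """
    if not (0 <= leading <= MAX_LEADING and 0 <= trailing <= MAX_TRAILING):
        raise PanError("requested display exceeds the PCI DSS 3.2 maximum (first 6 / last 4)")
    digits = normalize_pan(raw)
    hidden = len(digits) - leading - trailing
    if hidden <= 0:
        raise PanError("PAN too short to mask")
    head = digits[:leading]
    tail = digits[len(digits) - trailing:] if trailing else ""
    return head + mask_char * hidden + tail


# Candidate PAN: 13-19 digits, optionally separated by single spaces or dashes.
_PAN_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def find_unmasked_pans(text: str) -> list:
    """Return Luhn-valid PANs found in text, e.g. to detect card data leaking into logs."""
    found = []
    for m in _PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_ok(digits):
            found.append(digits)
    return found


if __name__ == "__main__":
    sample_pan = "4111 1111 1111 1111"          # constructed: standard Visa test number
    print(mask_pan(sample_pan))                  # 411111******1111
    print(mask_pan(sample_pan, leading=0))       # ************1111
    # Constructed log line: an order id (fails Luhn) next to a real-looking PAN.
    log_line = "order 1234567890123456 card=4111111111111111 status=ok"
    print(find_unmasked_pans(log_line))          # ['4111111111111111']
    print(find_unmasked_pans("card=" + mask_pan(sample_pan)))  # []
```

The scanner is the check a defender runs over application logs and support tickets: a masked value produced by `mask_pan` never trips it, while a full PAN does, which makes the pair useful both for enforcing the display rule and for verifying that nothing bypassed it.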
Why is PCI compliance so important?
Any organization handling credit card information is required to adhere to these standards. A data breach can have dire consequences for any non-compliant business:
- Operations will be halted to perform a forensic audit, resulting in lost revenue
- Costs related to the audit will be incurred ($8,000 to $20,000)
- Compliance fines ($5,000 to $50,000), as well as fines related to the fraudulent use of the cards that were compromised, will be applied
- Replacement costs for the credit cards that were affected ($3 to $10 per card)
- Damage to the company’s reputation
How can your business comply?
Your business can perform an annual PCI audit and obtain its own certification, but this can be costly depending on how many transactions your organization handles. Another option is using a PCI DSS 3.2 compliant eCommerce solution like k-eCommerce. If you do so, the onus is on us to secure cardholder data.
Protect your customers and protect your business.
PCI DSS 3.2 compliance significantly reduces the risks associated with data breaches, and ultimately protects your business from major losses or worse. Adhering to these standards, or using an eCommerce solution like k-eCommerce that proactively complies with the latest protocols, will ensure that your customers’ credit card data is secure.
What’s New in PCI DSS 3.2 – https://www.pcicomplianceguide.org/whats-new-in-pci-dss-3-2/
PCI Security – https://www.pcisecuritystandards.org/pci_security/