What would you do with $27.5 billion dollars? If you had 27.5 billion dollars, you could buy 916,667 cars at $30,000/each or 137,500 houses at $200,000/each. What’s special about this number? In 2018, payment fraud losses worldwide reached $27.85 billion in 2018. This number represents a whopping 81 percent of companies who were targets of payment fraud last year alone. And that number is rising. In the early part of the century, with payment fraud rising, American Express, Discover Financial Services, JCB International, Mastercard, and Visa founded the PCI Security Standards Council and introduced PCI DSS 1.0. The most current standard is PCI-DSS 3.2.1

A Brief Overview of PCI-DSS.

PCI-DSS is a common set of security standards put in place to protect consumers. It wasn’t until 2017 that proof of compliance became required for all businesses. Today any business handling, processing, or storing consumers’ card data should have safeguards in place to ensure the safety of consumers’ information.

PCI DSS 3.2.1 added five new sub-requirements for service providers, including requirements relating to multi-factor authentication, as well as new appendices on the migration of Secure Sockets Layer (SSL) / early Transport Layer Security (TLS).

When starting a business and setting up a merchant account, business owners are often made aware of PCI requirements. During the set up they assure their merchant processors that they are following PCI standards. Once established, staying in compliance is essential for any business online, over the phone, or in person.

Sadly, despite penalties and consequences for not being in compliance due to lax enforcement, these standards often become an afterthought. Ensuring businesses follow the standard requires addressing the human factor – employees. All employees of a business that accepts credit cards should receive security education and awareness training.

PCI-DSS Audit Readiness

Don’t wait to find out if you have serious compliance issues. Every merchant needs to be able to safely remove cardholder data in their environments. This is essential to protecting customer data, reduce reputational risk, and stay ahead of the game.

Ensure you have all the control in place such as, penetration testing, antivirus, vulnerability scanning, SIEM/log management, file integrity monitoring, policy and procedure development, etc. If you’re not sure, then consider a PCI-DSS Compliance Readiness Assessment.

At Abacode we help businesses make compliance with PCI DSS requirements easy. As certified cybersecurity & compliance experts (CISSP, CIA, CISA, CEH, PMP, etc.), PCI DSS readiness is one of our focuses. Abacode continuously prepares organizations for their 3rd Party PCI DSS audits throughout the year and helps them maintain compliance moving forward. Our compliance portal helps streamline continuous compliance and security control effectiveness tracking for organizations before, during, and after audits.

Connect with us today to learn more about the PCI DSS readiness process and the cost of implementing a PCI DSS program.