Monthly Archives: November 2015

Five steps for avoiding costly PCI DSS compliance violations

Do you accept payments by debit or credit card? If you so, you need to comply with the Payment Card Industry Data Security Standard (PCI DSS) that is in place. This applies irrespective of how many card payments you take.

At PCI Guide, we provide you with everything you need to know about PCI compliance and the 12 key requirements you need to meet. If you fail to achieve compliance, you will find yourself facing huge costs. In this post, we are going to breakdown some of the key things you can down in order to avoid the huge expenses that are associated with violating PCI DSS.

  1. Familiarise yourself with the requirements – It may sound obvious, but you need to get to grip with the requirements. There are so many business owners that do not really understand what is required of them when it comes to PCI. You have all of the resources you need at PCI Guide to help you understand what you need to do.
  2. Ensure you create effective documentation – There are many different points of PCI compliance that require documentation. This includes steps 12.9, 10.7, 10.3, 10.2, 9.4, 5.2, and 3.6. Therefore, documentation really is a crucial part of PCI. Generally speaking, the main purpose of this is so you can retrace your steps to see where a breach occurred or where vulnerabilities lie. You gain a better understanding of your business, and, of course, you have records to back you up if anything does occur.
  3. Take a deep breath – One of the biggest problems with PCI compliance is that so many business owners see it is an extremely costly and complex process. This worries small companies in particular. They fear they do not have the resources to dedicate to PCI. But, there is no need to worry. PCI compliance does not have to be as draining as you think. In fact, there are security companies that will handle it for you.
  4. Implement an incident response plan – Putting together a plan once a breach has occurred is too late. Needless to say, prevention is the best form of defence. However, there are no guarantees that your business will never suffer an attack, and thus you need to have a plan in place so you know exactly what to do if such an incident occurs. This will ensure you can react quickly and any costs entailed will be minimised.
  5. Be careful about whom you outsource to – Nowadays, more and more cyber criminals are targeting businesses through third party access. Thus, you need to be extremely careful regarding outsourcing. You must check that all service providers comply with the PCI DSS. Don’t simply take their word for it. Ask them about the security systems they have in place and such like.