Posted by admin on Feb 26, 2016


Learning the Basics of PCI Compliance

Proper adherence to PCI compliance guidelines protects your business. This article discusses the basics of PCI compliance for high risk merchants.

What is PCI Compliance?

The Payment Card Industry Data Security Standard, commonly known as PCI-DSS, provides a security framework that every entity handling card information or other sensitive personal details can follow in order to become compliant.

When high risk merchants work together with payment processing service providers within the rules of the PCI framework, the risk of cyber-attacks and data theft can be significantly reduced, keeping your business safe and protecting your payment processing accounts.

Security Data Breaches Impact Your Business

High risk merchants, like all businesses, are at risk for payment processing security breaches. The costs associated with data breaches, combined with the pervasiveness of internet payment processing, have made the prevention of such events a priority.

One of the most recent studies on the current state of PCI compliance suggests that there is a gap between the required and the actual level of data security. But there is some hope that the gap is gradually closing.

Verizon's 2015 report states that during 2014, the number of companies that became PCI compliant doubled compared with the previous year. However, only 29% of those that became compliant will complete subsequent annual evaluations.

Even though the use of enhanced authentication is becoming common, the overall security level of high risk merchants handling sensitive payment processing data is still low. One only needs to look at the frequency with which high profile data breaches have occurred in the past year, for both standard and high risk merchants, to confirm this.

The extensive cyber security research carried out by Verizon since 2009 shows a clear correlation between low security standards and being targeted by cybercriminals.

Basic PCI Protection Measures

The PCI standard includes a series of recommended measures that any business or payment processing service provider needs to implement in order to avoid data breaches.

  • Protect cardholder data by installing and maintaining a firewall
  • Use encryption when card information is transmitted across open, public networks
  • Use up-to-date virus protection
  • Focus on achieving the maximum security for your applications
  • Restrict access of individuals to card information
  • Keep a record of all individuals that have access to card information
  • Create and maintain a security policy for employees and contractors

Costs of Data Breaches

It may seem unnecessary, particularly for small to medium sized businesses and organizations, to implement and maintain security measures. Yet the costs associated with potential data breaches make PCI-DSS worth the effort.

While evaluating the consequences of data breaches is a challenge in itself, a benchmark study released by the Ponemon Institute together with IBM estimates that the cost of a single data breach in 2014 increased by 23% compared with the previous year, reaching a figure of $3.8 million, with each lost or stolen record causing a loss of around $154.


No high risk merchant, big or small, can be protected from data breaches through means other than appropriate security. In a world where cybercrime is almost impossible to control, applying and maintaining PCI security measures should be everybody’s priority.

Interested in finding out more about PCI-DSS?

Contact today