How PCI DSS Secures Credit Card Data
The Payment Card Industry Data Security Standard (PCI DSS) is an industry standard that exists to protect payment card data. It applies to every organization that stores, processes, or transmits cardholder data, regardless of size. The standard was first published in 2006 by the major card brands, through the PCI Security Standards Council they founded, to reduce the theft of card data; it is not a law but is enforced contractually by the card brands and acquiring banks. PCI DSS requires organizations that handle card data to build and maintain secure networks and systems so that cardholder information cannot be accessed by unauthorized parties.
Credit card fraud is a significant problem in the United States. A report published this year found that 63% of American credit card holders had been victims of fraud, and that 51% of those had experienced it more than once. Also notable is that only 8% of the victims reported that their card had been lost or stolen; in the remaining cases the fraudster used the card details without ever possessing the physical card, which points to card data being compromised remotely rather than through physical theft.
These figures show why securing card transactions and the data behind them matters, and this is where PCI DSS comes in: it gives businesses a concrete baseline to follow. Unfortunately, not enough businesses meet it. A 2018 report found that only 52.5% of assessed organizations worldwide were fully compliant with PCI DSS, and only 39.7% of those in the Americas. The same report found that organizations that had fallen short of PCI DSS requirements were disproportionately represented among those that suffered data breaches.
These breaches have been very expensive for the businesses involved. In 2017, Equifax suffered a breach affecting roughly 145 million Americans; although the data exposed was mostly identity information (names, Social Security numbers, birth dates) rather than card numbers, the resulting settlement included a consumer relief fund of up to $425 million. In 2013, attackers stole up to 40 million payment card numbers from Target's point-of-sale systems, and the company reported more than $200 million in breach-related costs, including legal settlements.
Compliance with PCI DSS requires more than building and maintaining secure networks and systems. The standard's twelve requirements are grouped under six goals: build and maintain a secure network and systems; protect cardholder data (for example, by never storing sensitive authentication data such as the full magnetic stripe or CVV after authorization, and by rendering stored primary account numbers unreadable); maintain a vulnerability management program; implement strong access control measures; regularly monitor and test networks; and maintain an information security policy. Compliance is also not a one-time event: it must be validated every year, through a self-assessment questionnaire or an on-site assessment by a Qualified Security Assessor depending on transaction volume, and external vulnerability scans by an Approved Scanning Vendor are required every quarter.
It is also important to understand that the burden of protecting card data does not fall on businesses alone. The consumer survey cited above also found that many of the cardholders who had experienced fraud engaged in unsafe card habits. The report noted:
While people who commit credit card fraud rely on several high-tech strategies, too many credit card holders have bad habits that expose their account numbers and make it easier for criminals to steal their financial information.
Unfortunately, 84 percent of cardholders confessed to at least one of these bad habits, and most people (59 percent) exhibited two or more unsafe practices. Though some bad habits have increased in frequency since our last study, most are still less common than they were in 2022.
Maintaining PCI DSS compliance is an important way for businesses to avoid costly data breaches, but consumers share the responsibility for protecting their own card data.