It’s only too easy to become lax when it comes to PCI DSS (Payment Card Industry Data Security Standards), especially when the threat is invisible, but you only need look to the latest headlines (ahem, Tesco) to see just how prevalent data breaches and security failures are, even amongst globally recognized enterprises.
Alarmingly, since the introduction of PCI DSS 3.1 last year, 71.4% of companies who achieved full PCI compliance let their standards slip within a year. Think about that for a second… Only 28.6% of companies that were successfully validated are likely to have maintained their PCI standards over the past 12 months. All that hard work down the drain!
If you want to maintain your organization’s reputation and remain a name which clients and customers trust, you need to stay on the ball when it comes to PCI DSS. This is also essential if you want to continue using the “Big Five” payment card vendors who make up the PCI SSC (Security Standards Council), while avoiding potential financial penalties and any other sticky situations that might arise from non-compliance.
Raising the Bar
Unfortunately, as PCI compliance becomes increasingly important, the hoops organizations must jump through to achieve it become more and more difficult to reach. Growing threats to data security prompted a major update to PCI DSS 3.0 last year (3.1), and another earlier this year (3.2), which have significantly complicated the original standards, making full compliance far harder to attain.
Somewhat paradoxically, the requirement to perform regular security system tests AKA penetration testing (introduced as the 11th requirement of PCI DSS 3.0), which was arguably the most important improvement introduced with 3.0, also seemed to be the most difficult for contact centers and other businesses to adhere to. According to Verizon, this requirement saw a marked decrease in compliance post-introduction; however, since July of last year it’s been a standard rather than best practice, so this situation should have been rectified.
Nobody’s Perfect – Yet!
When the new standards were first rolled out, a huge number of organizations and contact centers were unable to comply immediately. Yet, as time has worn on and threats have become more prevalent, increasing numbers of businesses are approaching the “full compliance” mark.
According to the Verizon report, 80% of organizations are now able to meet 90% of PCI DSS testing procedures and sub-controls. Although four in five merchants are currently technically non-compliant, the vast majority have radically improved their game and are certainly “getting there”.
Helping Contact Centers Maintain Their PCI Standards
The latest standards are designed to be tough, but there’s no need to be intimidated or disheartened. Achieving full compliance can be tricky, but partnering with a 3rd party solution provider like PCI Pal can dramatically reduce the likelihood of your hard-earned PCI standards falling by the wayside.
Obviously, protecting customer data, and brand reputation, is a high priority for ecommerce merchants as well as bricks and mortar businesses, but it’s important to remember that PCI DSS compliance is only a starting point, not the end goal of your cybersecurity policies.
Get in touch with our expert payment security consultants today to discover a quick, powerful and hassle-free way to make your contact center PCI DSS compliant. We look forward to hearing from you.