In recent months, we have witnessed an increase in the number of clients requesting support with their PCI DSS (Payment Card Industry Data Security Standard) compliance. Card providers such as VISA and MasterCard insist that all businesses comply with PCI DSS to protect both businesses and customers from the ever-increasing threat of fraud. PCI compliance is not a single event but an ongoing process, which changes as payment technology evolves and legislation is revised.
At the start of 2016, the European Commission announced a new General Data Protection Regulation (GDPR), which aims to harmonise the current data protection laws across EU member states. This is the most significant change in data protection legislation in the last 20 years and organisations have two years to update business policies regarding the collection, storage and processing of personal customer data.
Ultimately, the updated legislation is in place to protect consumers from identity fraud and organisations from security breaches. PCI compliance covers a number of activities, which include: building and maintaining a secure network, protecting cardholder data, maintaining a vulnerability management programme, implementing strong access control measures, regularly monitoring networks and maintaining an information security policy.
The consequences of non-compliance are significant for small businesses. Without PCI DSS protection, companies remain vulnerable to a data breach, which can severely damage a brand's reputation and could result in the company losing the ability to accept card payments. With the new legislation in place from 2018, non-compliance can lead to a fine of up to 4% of annual turnover. Over the course of the next year, many organisations will need to re-examine their processes and procedures in order to ensure they are PCI DSS compliant.
“We have recently assisted three clients with PCI compliance consultancy projects. The team at M2 have experience in building secure networks, penetration testing, security reporting and managing systems with data protection procedures in place,” comments Greg Roffe, Director, M2 Computing.
To find out more about how we can help with your PCI compliance project, get in touch with us on 0845 034 2150 or email firstname.lastname@example.org.