The new regulations are supposed to make the credit card information you store more secure–but you're going to pay for it.
New security standards released today by Visa, Mastercard, and other credit card companies are going to have a big impact on any business that accepts credit card payments from customers.
The rules, formulated by the Payment Card Industry Security Standards Council, which represents the major card brands, are aimed at making your customers' credit card data more secure–but they will undoubtedly add to your administrative and operational costs too.
Take a look at the requirements you must follow, as of January 1, 2014:
- Install a firewall separating consumer credit card information from the rest of the business network.
- Avoid vendor default passwords for systems.
- Protect stored data and encrypt it as it is sent over open, or public networks.
- Protect systems against malware, and regularly update systems and hardware with anti-virus software.
- Restrict access to the cardholder portion of their networks, as well as identify and authenticate access to the system
- Track and monitor all access to network resources and cardholder data, and regularly test security systems and processes.
- Maintain a policy that addresses information security for all personnel.
Depending on the size of the business and the volume of transactions, it can cost tens of thousands to hundreds of thousands of dollars for businesses to comply with PCI standards annually, according to analyses from research firms Gartner and Ponemon Institute. Failure to comply with standards, however, will mean you risk paying hefty monthly fines (from $5,000 to $100,000, depending on the size of the business) or risk expulsion from credit card acceptance programs.
As commerce increasingly migrates to electronic payments, cyberattacks against merchants have grown increasingly expensive and sophisticated, with the potential to expose ever-increasing troves of consumer credit card information to thieves. Two of the biggest attacks in recent years include TJ Maxx and Heartland Payment Systems, where hackers made off with information for millions of consumer credit card accounts.
More from Inc.com:
