• Kyser Clark

How does compliance with PCI standards help an e-Commerce company manage IT security risks?


Stakeholder trust is vital to meeting the goals and mission of any organization. Since accepting electronic payments is crucial for any e-commerce company, organizations need to recognize consumer demand for secure card transactions. Failure to secure card transaction data can negatively affect stakeholders, severely damaging the company's reputation, affecting stakeholder relationships, and can lead to loss of sales. Furthermore, such failures can lead to lawsuits, insurance claims, and government fines (De Groot, 2021). For any e-commerce company, the Payment Card Industry (PCI) standards reduce these information technology (IT) security risks.


Understanding PCI Compliance

PCI compliance is a mandatory set of technical and operational standards mandated by credit card companies and developed and managed by the PCI Security Standards Council (PCI SSC) to ensure secure transactions in the payment industry (Kagan, 2021). There are four compliance levels:

  • Level 1: Merchants that process over 6 million card transactions annually.

  • Level 2: Merchants that process 1 to 6 million transactions annually.

  • Level 3: Merchants that process 20,000 to 1 million transactions annually.

  • Level 4: Merchants that process fewer than 20,000 transactions annually.


According to ControlCase.com, the 12 requirements set by the PCI SSC for PCI DSS Compliance are:

  1. Install and maintain a firewall configuration to protect cardholder data

  2. Do not use vendor-supplied defaults for system passwords and other security parameters

  3. Protect stored cardholder data

  4. Encrypt transmission of cardholder data across open, public networks

  5. Use and regularly update anti-virus software or programs

  6. Develop and maintain secure systems and applications

  7. Restrict access to cardholder data by business need to know

  8. Assign a unique ID to each person with computer access

  9. Restrict physical access to cardholder data

  10. Track and monitor all access to network resources and cardholder data

  11. Regularly test security systems and processes

  12. Maintain a policy that addresses information security for all personnel


Benefits of PCI Compliance

There are plenty of benefits that come with being PCI compliant. These benefits include improved customer trust, data breach defense, meeting global standards, and providing a baseline to aid in meeting other cybersecurity regulations and standards (SysGroup Marketing, n.d.). In addition, when the organization is PCI compliant, they are putting cybersecurity first. The secure first mindset leads to secure systems that customers can trust—improving the organization's reputation, IT infrastructure efficiency, corporate security strategy, and peace of mind (De Groot, 2021).

Summary

Stakeholder trust is vital to any e-commerce company. Digital transactions are higher than ever, and there is no sign of them slowing down. Therefore, companies need to understand PCI compliance and implement requirements to become and stay compliant. When a company is PCI compliant, they build trust with consumers; this leads to increased brand reputation, IT infrastructure efficiency, and corporate security strategy. Additionally, by taking a security-first approach, overall cyber defense improves across the entire organization, which primes the company to meet other cybersecurity requirements reducing the chance of fines, lawsuits, and insurance claims.


References


ControlCase. (n.d.). What are the 12 requirements of PCI DSS compliance? Retrieved November 7, 2021, from https://www.controlcase.com/what-are-the-12-requirements-of-pci-dss-compliance/

De Groot, J. (2021, August 12). What is PCI compliance? Digital Guardian. Retrieved November 7, 2021, from https://digitalguardian.com/blog/what-pci-compliance

Kagan, J. (2021, March 4). PCI compliance. Investopedia. https://www.investopedia.com/terms/p/pci-compliance.asp

SysGroup Marketing. (n.d.). 5 benefits of PCI DSS compliance. SysGroup. https://www.sysgroup.com/resources/blog/5-benefits-pci-dss

Image Source: EDB Bahrain

11 views