The Payment Card Industry Data Security Standard (PCI DSS), created by the major credit card brands to protect customers’ sensitive data, is constantly being updated. Every year new cyber-threats arise as hackers find new ways to steal customer data, and the PCI DSS standard has to be updated in response. The most recent changes to PCI occurred in April of 2015. Currently there are twelve primary PCI requirements that have remained unchanged since the standard was created. However, there are an additional 200 or so sub-requirements that do change quite frequently.
Because of the sheer number of requirements, and because the standard is constantly being updated to adapt to new threats, smaller businesses have a difficult time staying compliant. Businesses that are found not to be compliant could face fines. To get an idea of how difficult it can be to stay PCI compliant, here is a look at the 12 main requirements.
- Install and maintain a firewall configuration to protect cardholder data
- Do not use vendor-supplied defaults for system passwords and other security parameters
- Protect stored cardholder data
- Encrypt transmission of cardholder data across open, public networks
- Use and regularly update anti-virus software on all systems commonly affected by malware
- Develop and maintain secure systems and applications
- Restrict access to cardholder data by business need-to-know
- Assign a unique ID to each person with computer access
- Restrict physical access to cardholder data
- Track and monitor all access to network resources and cardholder data
- Regularly test security systems and processes
- Maintain a policy that addresses information security
Add in all of the sub-requirements for each of these and you begin to see how hard it is for a small business with limited resources and a small IT team to remain compliant.
Outsource IT to a managed service provider
Fortunately, there is a way for smaller businesses with limited resources to stay on top of the ever-changing PCI standard. A small business can have the IT expertise of a large corporation for a fraction of the cost by teaming up with a managed service provider to handle their IT needs. The advantage of paying for managed IT services is that the provider, unlike a small business owner, can be focused solely on providing excellent IT management because that is what they are already doing for many other clients.
A managed service provider has the resources and staff to stay on top of PCI standards and can help your business remain compliant even when the standards are updated.
Source: IT Wire