Blog

Dresner Group Blog

Our technology blogs feature IT tips and best practices for businesses in Columbia, Baltimore, and Bel Air.

Are You Risking Your Business by Neglecting PCI DSS?

Are You Risking Your Business by Neglecting PCI DSS?

It is becoming increasingly apparent that all businesses need to be attentive to (and respectful of) the security of the data they collect - especially payment card information. With Facebook recently being handed fines that totalled $5 billion for certain lapses in their data protection practices, this is clearly not something to be taken lightly.


As a matter of fact, both consumers and the legal system have had a raised awareness concerning the privacy of the data that businesses collect. If a business doesn’t protect their clients and customers, their employees, or their vendors, it is flirting with the risk of serious litigation. No industry is safe, as long as you accept credit cards you are at risk, from CPAs, to medical professionals, even if your customers aren’t human.

This is especially the case when credit card information is concerned. Businesses that accept credit cards are beholden to the Payment Card Industry Data Security Standard, also known as the PCI DSS. The PCI DSS assists businesses in avoiding the liability that would come from a data breach.

The Three Steps to PCI DSS Compliance

In order for your business to be compliant to PCI DSS, there are three critical activities that you have to continuously carry out. They are:

Assessment

How would you know if your technology could potentially put cardholder security at risk, if you didn’t assess it? Running an assessment is an effective way of identifying an issue that could get in the way of PCI DSS compliance. There are multiple ways of assessing your technology, including self-administered questionnaires, and official tests performed by qualified assessors. It may be in your best interest to invest in both to ensure that all is attended to.

Remediation

Any vulnerabilities that are revealed during the assessment need to be fixed, as they will interfere with your compliance to PCI DSS. It often helps to bring in a technician with plenty of experience, such as the ones here at Dresner Group. In addition to fixing vulnerabilities, this is an opportune time to remove any unnecessary cardholder credentials and details.

Reporting

Once you have resolved the issues that were revealed in your assessment, you need to have your remediation records and compliance reports submitted to the appropriate banks and credit card processing centers. If a business in Maryland intends to accept and store credit card details, a secure and functional system needs to be reported.

What Happens If I’m Not Compliant?

As more focus is directed to privacy, data breaches and lapsed compliance become a bigger deal, with more severe consequences associated with them - particularly in Maryland. The Maryland Personal Information Protection Act puts the brunt of the responsibility on your business to protect clients whose data was breached.

Furthermore, there are quite a few additional consequences to account for as well:

  • You could easily be liable for damages wrought due to the theft of data
  • Your customers and clients will likely lose their trust in you, switching to other merchants and providers
  • You may have to pay the cost to reissue new cards
  • You may be responsible for offsetting losses due to fraud
  • You may find it more expensive to achieve compliance after the fact
  • You could be on the hook for legal costs and settlements
  • You will have to pay assorted fines and penalties
  • You may lose the ability to accept credit cards, which most consumers prefer to use
  • You and your team could lose their jobs, from the C-suite to the entry-level
  • You could potentially go out of business

Naturally, none of these outcomes are good, so you need to make sure you can avoid them by being compliant to the rules laid out by PCI DSS. Dresner Group can help - we are familiar with the rules and regulations regarding PCI DSS and can help your business remain compliant. Reach out to us at (410) 531-6727 to discuss your needs.

×
Stay Informed

When you subscribe to the blog, we will send you an e-mail when there are new updates on the site so you wouldn't miss them.

Tip of the Week: How to Control File Sharing in On...
Are Cloud Servers an Option?
Comment for this post has been locked by admin.
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Guest
Thursday, 21 November 2024

Captcha Image

Client Service Login

Latest News & Events

Annual Channel Futures MSP 501 Identifies Best of the Best in the Managed Services Industry Dresner Group has been named as one of the world’s top-performing managed service providers in the prestigious 2024 Channel Futures MSP 501 rankings. The Chan...

Contact Us

Learn more about what Dresner Group can do for your business.

Copyright Dresner Group. All Rights Reserved.