Page 28 - Edition 16.3_web- Final
IPP & Renewables

TOP THREE REASONS FOR BUSINESSES TO BE PCI DSS COMPLIANT

By Simeon Tassev, Managing Director and QSA at Galix Networking

With rising levels of credit card fraud, along with regulatory and industry pressure, Payment Card Industry Data Security Standard (PCI DSS) compliance is becoming more critical for businesses to attain. Combined losses from card fraud were up by 18% between 2017 and 2018, costing South African individuals and businesses R873 394 351. Given the increasing digitisation of all commercial transactions - from banking to shopping to paying for services on the go - PCI compliance has now become unavoidable for any business that stores, processes or transmits cardholder data. If there was any doubt for companies as to why they should take PCI compliance seriously, here are a few reasons why.

What is PCI DSS?

The Payment Card Industry Data Security Standard applies to any organisation that in any way stores, processes or transmits cardholder data. Despite the name, it is not a single standard, but rather a group of standards that apply depending on the nature of the organisation and the manner in which it handles cardholder information.

In the PCI DSS space, there are potentially three types of organisations: those that deal with the acquisition and issuing of cards, merchants, and service providers. Merchants are easily defined as a business or individual that sells goods or services for payment with a credit card, irrespective of whether the transactions are Card Present or Card Not Present. Card Present means a sale with a card that is physically swiped or inserted into a card machine, and Card Not Present is where merchants accept payments either over the phone or on an ecommerce website. Within the merchant classification there are four different levels, each with different requirements for achieving and maintaining compliance. Such merchant classifications do not depend on the value of the transactions, but rather on the volume.

Reasons why PCI compliance can no longer be ignored:

1. Boosts customer confidence

The main purpose of the PCI DSS is to minimise the risk of debit and credit card data loss by outlining how to prevent, detect and react if potential data breaches materialise. These days, it is critical that customers be able to ascertain that the website they are shopping on is secure: they use their cards online to purchase products or services and in doing so put themselves at risk of financial loss. Card fraud and identity theft are a massive problem in South Africa, so merchants need to pay careful attention to securing sensitive data on their websites.

2. Provides businesses with a level of protection if a breach does occur

PCI compliance might not be sufficient to prevent every single data breach. However, if a breach does occur and the business is compliant, there is the assumption that, because all the correct processes were in place, the breach was due to circumstances beyond the control of the business. This could potentially mean that the organisation can avoid a penalty fine, because it has done everything it can.

3. Compliance is less complicated than businesses think

PCI DSS is the minimum standard, covering the minimum from a best practice point of view. The requirements are clearly defined, which simplifies compliance and means that compliance is not an insurmountable obstacle. Furthermore, once compliance is achieved, maintaining it is not difficult.

The PCI compliance requirement is here to stay, which means that businesses need to acknowledge its importance and approach it with the right attitude. It is not simply a matter of becoming compliant and ticking boxes, but rather a necessity to improve security, which is ultimately for the benefit of every business and its customers.

Contact:
Simeon Tassev
Galix Networking
Email: simeon@galix.com