Companies that process, storage or manage information from the credit or debit card holders must guarantee the security of the sensitive data, due to leak could lead to hacking or fraud information. In order, to combat fraud the principal card brands, American Express, Discover Financial Services, JCB International, MasterCard and Visa, Inc, created the global forum, PCI Security Standard Council, set aside for the development, enhancement, storage, dissemination and continued implementation of security standards for data protection 1 .
Companies must ensure that customer transactions are conducted in a secure environment. For this reason it is essential the compliance of the PCI DSS normative, not only to combat fraud data and cardholder accounts, but also to comply with the settle security requirements or have the support of companies that have the PCI DSS certification. PCI DSS compliance could assume the following advantages for businesses 2 :
- Secure operation processing systems.
- Increases customer confidence to repeat purchases and therefore their loyalty, which increases business sales.
- It allows implementing an action plan and a constant security strategy in the company which it would help to prevent short, medium and long term security breaches. All of these will build a robust security culture in the organization.
PCI DSS requirements constantly evolve and improve in order to ensure, guarantee, and increase the security of the information of accounts and card holders. Recently, last April the PCI Security Standard Council have announced the launch of the new version 3.1 with new requirements which all the companies that participate in the processing, storage or transmission of the confidential data from the credit or debit card must adapt quickly to comply with the PCI DSS normative by the deadline 3 . Failure to comply with PCI DSS regulations could lead to the following consequences 4 :
- Card data would be compromise and be sensitive to be hacked.
- A bad reputation in the long term for the company if an information leak occurs, which means lost sales and customers.
- Credit or debit card brands may apply sanctions, demands, fines, insurance claims or cancellation of accounts.
Companies specialized in the payment sector industry that comply with the PCI DSS normative will help to manage in a secure way their transactions guaranteeing the maximum security of the sensitive and confidential information, besides they will facilitate the compliance of the PCI Standard Council requirements. As is the case of Sipay the first European payment gateway that has achieved the PCI DSS certification in its last version 3.0, level 1. “This concession recognizes the effort and maximum compliance in security. Sipay continues adding the necessary resources against bank cards fraud, by the protection of the infrastructures which process, transmit or store the data related to credit or debit cards of our clients”, points out Laura Vallejo, Communication Manager at Sipay, payment gateway specialized in the development of intelligent payment solutions adapted to our client’s necessities for the point of sale, online commerce and mobile payments.
The collaboration and cooperation of all the stakeholders, both card payment companies and organizations that process and store sensitive information are called to build a strong safety culture to combat credit or debit card fraud, as well as the account holder’s information.
You can fine further information related to the PCI DSS normative in the following links: