
LenderHub

SWBC's LenderHub blog is a one-stop resource for lenders.


Introduction to the Payment Card Industry Data Security Standard (PCI DSS)



Many of the lenders we partner with feel that the list of regulatory and compliance requirements they must meet never ends. But if you are lending, you are almost certainly accepting borrower payments, and that means you need to understand the details of PCI DSS, the Payment Card Industry Data Security Standard.

What is PCI DSS?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of standard security processes aimed at protecting the acceptance, processing, storage, and transmission of credit card data. The standard was created and agreed upon by the major credit card payment companies, and those companies are responsible for ensuring compliance. All organizations that accept, transmit, or store American Express, Discover, JCB, MasterCard, or Visa credit card data are expected to comply with the mandates of the PCI DSS.

Why is PCI DSS important?

Unfortunately, fraud and security breaches are rampant. In fact, according to Experian, almost half of all organizations fell victim to a security breach in the last year. The main goal of the PCI DSS is the safety of credit card customers' information. Recognizing consumers' need for greater security in credit card transactions, the major credit card companies established the PCI DSS to safeguard credit card users against having their information misappropriated or misused. The standard covers protection of stored data, encryption of transmitted data, and controls at every point in the payment process, including back-end storage and the use of cardholder data.

Related reading: 5 Useful Tips to Protect Your Financial Institution from Cyber Attacks

PCI DSS requirements

The PCI DSS outlines six goals and 12 specific requirements that credit card handlers and processors must meet to ensure the security of their account holders' card data. Each goal and the requirements that fall under it are listed below.

Goal: Build and maintain a secure network
    1. Install and maintain a firewall configuration to protect cardholder data
    2. Do not use vendor-supplied defaults for system passwords or other security parameters

Goal: Protect cardholder data
    3. Protect stored cardholder data
    4. Encrypt transmission of cardholder data across open, public networks

Goal: Maintain a vulnerability management program
    5. Use and regularly update anti-virus software or programs
    6. Develop and maintain secure systems and applications

Goal: Implement strong access control measures
    7. Restrict access to cardholder data by business need-to-know
    8. Assign a unique ID to each individual with computer access
    9. Restrict physical access to cardholder data

Goal: Regularly monitor and test networks
    10. Track and monitor all access to network resources and cardholder data
    11. Regularly test security systems and processes

Goal: Maintain an information security policy
    12. Maintain a policy that addresses information security for all personnel

How the PCI DSS affects your financial institution

Since all companies that accept, transmit, or store credit card data must comply with the PCI DSS, it is very likely that your financial institution is subject to it. Even if you use a third-party credit card processing company, you must still comply and are still held accountable. If your financial institution suffers a security breach and the Payment Card Industry Security Standards Council (PCI SSC, the governing body that enforces the PCI DSS) finds that your institution is in violation of any PCI DSS requirement, you may be subject to fines of $5,000 to $100,000 per month!

The rules and regulations that apply to financial institutions are indeed vast. I hope this summary of the PCI DSS helped you understand what you must comply with and how. For more specific guidance on the changing landscape of consumer payments, click here.
