How The PCI Security Standards Council® Lays the Groundwork for Safer Digital Payments

In a Nutshell: When five of the world’s largest credit card vendors combined their security programs into one in 2004, it created the Payment Card Industry Data Security Standard (PCI DSS). Not long after, it became clear that an organization was needed to manage constantly evolving PCI standards, and the Payment Card Industry Security Standards Council was born in 2006. Since its inception more than a decade ago, the Council has focused on reducing business owners’ risk of cyber theft by monitoring standards of accepting digital payments. The Council has gone further to help entrepreneurs by establishing a small business task force to help educate SMB owners to better protect their customers’ sensitive data. //

It’s no secret that businesses across the globe are experiencing the effects of an increasingly cashless society. Just over a decade ago, checks were the predominant type of non-cash payment in the US. One by one, starting in 2007, non-prepaid debit card, then credit card, and then ACH payments (with debit transfers and credit transfers combined) overtook checks.

The 2016 Federal Reserve Payments Study showed that in 2015, US non-cash payments, including debit card, credit card, ACH, and check payments, totaled more than 144 billion transactions with a value of almost $178 trillion. That number increased at an annual rate of 5.3% by number or 3.4% by value from 2012 to 2015 and is expected to grow even more over the next five years with the proliferation of mobile payments.

On one hand, digital payments relieve the business owner of the burden of handling large amounts of cash. But with that benefit comes many potential potholes on the road to success. Cyber theft is considered to be the fastest-growing crime in America with 69% of Americans concerned about the theft of their private information when making a purchase.

The Payment Card Industry (PCI) Security Standards Council was originally formed in 2006 by leading credit card vendors — American Express, Discover Financial Services, JCB International, Mastercard, and Visa Inc. — with the goal of managing the Payment Card Industry Data Security Standard. It’s grown in the last decade to become the gold standard in cyber security, with member businesses spanning nearly every major country in the world.

The Council board releases regular security advisements and works to remain ahead of trends in cyber security. Each of the Council’s founding payment brands has its own compliance programs that individually determine infractions and penalties for companies that do not follow the standards. The Council itself does not pass judgments or levy penalties for non-compliant businesses.

PCI compliance is one of the toughest sets of standards in the payment processing field today, but it’s also a safeguard for business owners to keep their interests, and reputations, secure.

According to the Council, 60% of all SMBs have experienced some sort of data breach, with the average cost of repairing the breach reaching $20,752. Because small companies typically have small security budgets, 71% of hackers target businesses with fewer than 100 employees. One such breach can completely cripple a business and destroy any goodwill or trust customers have with the proprietor.

It’s with those numbers in mind that the Council created the PCI Small Merchant Taskforce in 2015. Its resources include a guide to safe payments, common payment systems, questions to ask your vendors, and a glossary of payment and information security terms. All of the resources are available to download for free.

While the Council was founded by most of the major credit card companies, it has more than their best interests at heart. As the amount of money spent through credit and debit cards continues to grow each year, so do the number of crimes targeting payment information. If the fear of theft slows down the use of credit and debit cards, it not only hurts your business, it hurts the credit card industry as a whole. Hence, the Council sees itself as a resource to protect worldwide security, starting with the members of your office.

How secure is your business? Most companies can’t afford to hire a PCI professional to patrol its cyber real estate in the cloud. To cut down on costs, while maximizing security benefits, PCI has instituted the PCI Standards Training Program, which taps independent trainers to help businesses learn what is needed to become compliant.

These are some examples of courses available through the PCI Standards Training Program.

The program enlists authorized institutions to train, test, and qualify organizations and individuals who assess and validate compliance so merchants successfully implement PCI standards and solutions. While many businesses see compliance as a once-a-year event, the growth of threats has turned the need to focus on security into a round-the-clock task.

The Training Council, which disseminates most of its offers and information through social media outlets, also sponsors PCI Community Meetings, with training sessions, keynote speakers, and a strong focus on security issues that businesses face today. This year’s community meeting will take place September 12-14 in Orlando.

Despite a heavy concentration of American board members, business partners, and office locations, the Council is very much a worldwide organization. A recent conference in South Africa focused on making payments safer for the global payment card industry. The aim of the conference was to find ways to make the harvesting of sensitive data a less profitable crime.

“With the rapid growth in the multitude of ways to make payments, now, more than ever, we must join forces to devalue payment data and make payments safer,” PCI SSC General Manager Stephen Orfei told attendees. “We need to make solutions readily available and easier to use for merchants. Global collaboration and information sharing will continue to be critical.”

The rise of cybercrime in Africa and the Middle East has exploded in recent years to nearly surpass the incident numbers seen in America.

“It is vital for the global business community to adopt strong security standards and technology solutions, and to train and educate their people,” International Director Jeremy King said. “PCI Standards and programs deliver a business solution to cyber crime, not just an IT solution, by bringing together a powerful combination of people, processes, and technologies.”

Many of the security initiatives in place today will be outdated by this time next year. It’s the nature of cyber security to always stay one step ahead of thieves. That’s why a council like the one created to uphold PCI standards is important to businesses of any size. Despite the complexity of compliance, and the headaches such certifications can cause, it dwarfs the pain that a single breach of customer information can bring.

The global security body the Council has created works to maintain high standards to keep your business and theirs safe, while giving peace of mind to the consumers who trust you with their sensitive data.

Based on projections, more than $200 trillion in digital transactions will take place this year alone. It only takes one glitch in security to bring down your life’s work overnight. The PCI Security Standards Council is doing its part to make sure that doesn’t happen to you.