What is PCI DSS?

The PCI DSS was developed and is enforced by the payment card issuers. It is designed to protect consumers and businesses, and to encourage the global adoption of consistent data security measures. The PCI DSS consists of 12 broad requirements that organizations must meet to maintain compliance. What an organization must submit to confirm compliance varies with its merchant level, which is determined by the number of payment card transactions it processes per year.

Dell SecureWorks offers a full suite of consulting and remediation solutions to help organizations address the demands and challenges of Payment Card Industry Data Security Standards (PCI DSS) compliance. Dell SecureWorks is also an Approved Scanning Vendor (ASV) and Qualified Security Assessor (QSA).

PCI DSS requires any organization that accepts, acquires, transmits, processes, or stores data that contains payment card information to protect the privacy and confidentiality of the data. In addition to retailers, this standard impacts financial institutions, hospitals, cafes and restaurants, hotels and payment service providers, among many others.

Several trends have accelerated the need for compliance in recent years:

  • Card issuers are enforcing PCI compliance for merchants of all levels - While card-issuing companies have been actively enforcing compliance for Level 1 merchants for the past few years, they are now enforcing compliance for Level 2-4 merchants as well. Merchants that are non-compliant can face substantial fines and the threat of having payment card privileges revoked. With an estimated 1.5 billion payment cards in use in the US alone, this is a major concern.
  • Compliance does not equal security, so merchants continue to experience data breaches - Data breaches at organizations of all types and sizes continue to make headline news. Recent breaches include well-known retailers and banks, as well as hospitals and healthcare facilities. Companies that suffer breaches may spend millions of dollars in fines and remediation costs, lose customer trust and suffer long-term damage to their brands. In addition, any PCI breach is now a HIPAA violation as well.

Beyond Compliance: Building a Comprehensive Security Program

Many organizations are realizing that a strong security policy can give them a competitive advantage, and that it isn't just an expense. By going beyond the minimum requirements and focusing on a broader security program, they can not only respond to and mitigate potential data breaches and attacks, but also serve customers more efficiently and improve their bottom line.

This maps well to the Dell SecureWorks philosophy, too. We advocate a "security approach to compliance" instead of a "compliance approach to security," because it's critical to have a strategy that's scalable, sustainable, and backed by a culture that values security throughout the organization. This can help reduce the risk of breach and damage to your brand reputation, and help you manage your costs and resources.

 
