Safeguarding confidential and personal information should be a top priority for any business, so we've put together some frequently asked PCI/CISP questions and answers.
What Is PCI DSS / CISP?
The Payment Card Industry (PCI) is a joint creation of Visa, MasterCard, Discover, and American Express. In response to the growing frequency and severity of credit card and identity theft, this organization created the PCI Data Security Standard (PCI DSS), with the overall goal of protecting credit card data wherever it may reside.
The Cardholder Information Security Program (CISP) was initiated and mandated by Visa in June 2001. In 2004, these requirements were incorporated into the PCI DSS to establish industry-wide standards for card security. These standards must be followed by both merchants and providers.
Sources: Visa Cardholder Information Security Program
Why Is This Important?
Identity theft is a major issue that is growing exponentially. The FTC estimates that approximately nine million Americans have their identity stolen each year - a crime amounting to $45 billion.
PCI compliance is critical for anyone doing business online, including the merchant and the customer. For the merchant, the penalties of using a non-PCI compliant provider can include:
- $500,000 in fines (per incident)
- Complete loss of ability to process card transactions
- Class-action lawsuits
- $10,000 in monthly fines
- Major public relations crises
For the customer, credit card and/or identity theft is devastating. Dozens of calls must be made, dozens of forms must be filled, and credit can be ruined. More important to your business, your customer now has a sense of mistrust that makes them weary to purchase from you.
Sources: Federal Trade Commission, Washington Post, Javelin Strategy and Research