Accept Credit Cards? Double-check your PCI Compliance
PCI Compliance and Private Investigation
You’ve completed the investigation, submitted your findings, and sent the invoice. Every step of the way you’ve practiced due diligence. Now it’s time to collect a credit card payment from your client. If this sounds like you, then it’s important to understand the responsibility that comes with storing and processing customer credit card information. According to the Payment Card Industry (PCI) Security Council, if you accept credit cards as payment for your services, you are required to be compliant with the PCI Data Security Standard (DSS).
What is the PCI Data Security Standard?
The PCI Data Security Standard is the agreed upon requirements for credit card data security. The governing body consists of the five major global payment brands: American Express, Discover Financial Services, JCB International, MasterCard, and Visa. These corporations have all agreed upon the PCI Data Security Standard (PCI DSS) in order to mitigate data breaches and information hacks, thereby attempting to thwart consumer credit card fraud. While it may not be the most exciting thing you will read this month, the PCI DSS contains vital information about keeping client payment information safe.
The basics for becoming compliant can be summed up in three basic steps according to the PCI Security Council:
Assess
Evaluate the process of payment card intake. Is information taken by phone, online or in-person? Once payment card information is obtained, how is it used and stored? If payment card information is taken online, it is preferred that payments are processed off-site
“It is more effective, . . . for businesses to adopt a solution that ensures sensitive payment data does not enter the business in the first place. This can be achieved by having all payments processed off-site by a PCI DSS compliant service provider, transferring the PCI obligations related to phone payments from the business to the third party provider,” - Matthew Bryars, CEO of Aeriandi.
If payment card information is taken by phone or in-person, adherence to PCI DSS is placed firmly upon the organization obtaining the payment card information. It’s important to analyze your organization's weaknesses by pinpointing where this data could be exposed to unauthorized individuals.
Remediate
Patch up your weak points by having a plan and sticking to it. PCIComplianceGuide.org details five steps to creating an actionable and sustainable plan for PCI DSS compliance. Adjust and become familiar with payment card protocol and align with the requirements of payment card vendors such as Visa, Mastercard, American Express, and Discover.
Report
Once assessment and remediation have been applied, complete compliance reports as needed and maintain compliance with PCI DSS.
Why You Should Be Compliant
Compliance ensures that your clients can be confident in giving their payment information to your business. Just like case data, your client’s payment information is sensitive information and should be handled with the utmost care. Complying with PCI DSS can help you avoid serious and detrimental consequences such as lawsuits, insurance claims, loss of accounts and irreparable damage to your reputation as a professional investigator.
Being compliant with PCI DSS protects you and ensures that your systems and practices are secure. A 2012 data breach investigation report from Verizon showed that small businesses accounted for the vast majority of credit card fraud. What’s more, the investigation concluded that while vendors may be subject to PCI DSS, they may not have been compliant. Nearly 96% of fraud victims’ data wasn’t stored using PCI compliance. Using the policies set forth by the PCI Security Council helps protect both you and your clients from being a part this growing problem. Once you become compliant, stay compliant. Continuing PCI DSS compliance makes you a part of the solution instead of the problem.
The success of your business comes with plenty of pitfalls. While some of these challenges are unavoidable, keeping your client payment card information safe is well with the realm of your control. You’ve worked too hard to ignore this step in securing your business, your reputation and your future. Find out more about PCI DSS today.