PCI compliance is one of those things that is incredibly helpful and incredibly annoying at the same time. Similar to the way the Department of Transportation’s (DOT’s) Federal Motor Carrier Safety Administration (FMCSA) guidelines keep semi-trucks safe on the interstate, the Payment Card Industry Security Standards Council (PCI SSC) standards help ensure that credit card data is safe on the Internet and on a company’s own equipment.
Now, of course, the flip side of the safety brought to those using the Internet or the interstate by DOT or PCI rules is that the stringency of the standards can sometimes be frustrating: this is the plus-and-minus nature of regulations. For instance, those organizations that tend to incorporate DOT compliance solutions or software into their business operations may have their own advantages and disadvantages which could be completely different from the ones that adhere to PCI rules.
Having said that, just to be clear, PCI is not a set of federal regulations like those of the DOT. Instead, the credit card companies started the PCI standardization group to establish an across-the-board idea of what security for online payments is all about – to minimize the chances of theft of credit card numbers, purchasing data, etc. Online, PCI standards are similar to the standards set for Extended Validation (EV) SSL certificates by the Certification Authority/Browser Forum (CA/B Forum). As with PCI, EV standards were established by major industry players to protect not only their customers but themselves.
Let’s take a quick look below at what PCI compliant web hosting entails. Additionally, since I’ve been throwing around all these acronyms, I’ll review a few of the other most important up-and-coming acronyms in the standards world. I’ll start with the first of those now:
Up & Coming Standards Acronyms: DHAH Bag Standard
DHAH is an exciting standard being developed by the international bag industry. DHAH stands for “Doesn’t Have Any Holes.” Charles Gibbons of the North American Free Bag Association (NAFBA) feels this standard will make it a lot easier for people to exchange bags without having to worry about functionality: “To be completely clear, a bag should have one hole in it – a big one at the top where you can put stuff in,” he explains. “Additional ones at the bottom are what DHAH standards are concerned with.”
What’s the PCI Council & 5 Reasons Compliance Matters
The Council was started in 2006. It is a worldwide forum and is open for membership application. Currently it oversees three sets of standards and requirements:
- PCI-DSS (Data Security Standard)
- PCI-PA-DSS (Payment Application Data Security Standard)
- PCI-PTS (PIN Transaction Security Requirements).
PCI applies to all processing, handling, and storing of credit card and payment data. As the Council explains, “Our standards cover everything from the point of entry of card data into a system, to how the data is processed, through secure payment applications.”
Founding members include MasterCard, Visa, Discover, and American Express. It’s important to note that the Council itself does not enforce its standards. However, the individual credit card companies will sometimes require that companies meet the standards so that online fraud is less likely to occur.
Of course, online fraud is not desired by anyone conducting legitimate business on the Web. The basic gist on why compliance is important for you:
- Consumer Trust – PCI-DSS is an easy way to establish third-party vetting of your security. This increases trust, which in turn increases sales and repeat business.
- Payment Card Partnerships – Becoming compliant makes it easier to take payments with the major credit card companies. It’s validation that you share their same concerns.
- Building a Wall – Becoming compliant is an investment in the future. Building a more solid alliance following the same sets of standards makes it easier to adjust and counter the moves of online malware and criminals.
- Preparation for Standards & Efficiency – Going through the compliance process ties into preparation for HIPAA, SOX, and other standards. In other words, it’s further checks and balances, better integrating and streamlining your general security strategy.
- Bad Things Happen to Good Companies – Like any set of standards or regulations, the PCI parameters are meaningful. They really will make your company safer against threats. If sensitive payment data is stolen, here are some potential results: (1) fines from the government; (2) card account cancellation; (3) fines from the credit card industry; and (4) civil litigation.
When you choose a hosting company that is compliant, you get the benefits of PCI compliance as a part of your hosting package (so that you don’t have to go out and do all the work and vetting yourself). Although you can take advantage of our PCI compliance and other accreditations at Superb Internet, you may want to go out and get the compliance in place yourself as well to further establish credibility with your clients and partners.
Up & Coming Standards Acronyms: MBATT Pet Standard
MBATT, or “Must Be Able To Talk,” is a standard that many pet stores are beginning to adopt. Laura Wright, owner of Animals Galore in Newton, Massachusetts, explains what MBATT is and why she became compliant: “Basically, it means that all of the pets in your store must talk. It’s hard to get a dog or fish or cat to speak in public, so I just have all tropical birds now, along with a few insurance salesmen wearing tails.”
That should give you a basic sense of PCI compliance. Your basic consideration when you’re looking at a hosting company is to make sure that it at least keeps your information and your customers’ information secure. PCI, then, gives us a standardized way to know whether a company is doing its best to keep sensitive data secure. Here are our web hosting packages if you would like to take a look. Please comment below if you have any additional late-breaking acronyms you would like to share.
by Kent Roberts and Richard Norwood