
    What Is PCI DSS?

    By Anna Shevtsova
    Posted on March 4, 2021

    6 min read


    According to Verizon, in 2019 71% of data breaches were financially motivated. IBM estimated that last year a global average data breach cost reached a point of $3.86 million. These numbers indicate a need for tough cybersecurity measures throughout all industries. 

    The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards and measures aimed at securing debit and credit card transactions and cardholder data against fraud. It was introduced by MasterCard, Visa, American Express, Discover Financial Services, and JCB International. 

    Generally, there is no single authority that imposes and polices a business' compliance with PCI DSS, but any business handling this data directly or indirectly must obtain the certification and follow its guidelines. 

    Only 27.9% of businesses are PCI DSS compliant. This is not enough to ensure there are no leaks and breaches. It is not easy to obtain the certification, but it ensures all cardholders’ data is secure. 

    In this article, we'll cover:

    • Levels of PCI DSS Compliance
    • Requirements of PCI DSS Certification
      • Make Security a Backbone of the Company
      • Train the Team Properly and in Accordance With All Standards
      • Ensure There Are Logs and Records of Everything
      • Make Restricted Access a Norm
    • Breach of Conditions: What Are the Consequences?
    • Perks of PCI DSS Certification
    • PCI DSS and SupportYourApp

    Levels of PCI DSS Compliance

    There are four levels of PCI DSS compliance and certification:

    • Level 4 — can be obtained by merchants processing fewer than 20 thousand e-commerce transactions, or up to 1 million real-world transactions, annually. 
    • Level 3 — can be obtained by merchants processing between 20 thousand and 1 million e-commerce transactions. 
    • Level 2 — can be obtained by merchants processing between 1 and 6 million real-world credit and debit card transactions. 
    • Level 1 — the toughest level. It can be obtained by merchants processing more than 6 million real-world transactions. 

    On every level, merchants have to pass annual checks and scans to confirm that they still maintain the required level of security and remain eligible for the certification. 

    Requirements of PCI DSS Certification

    To obtain the certification, merchants must meet 12 requirements: 

    1. Firewalls must be installed to protect cardholders’ data. 
    2. Password protection systems cannot be supplied by a third-party vendor. 
    3. All stored cardholders’ data must be protected.
    4. Transmission of cardholders’ data via open networks must be encrypted. 
    5. Antivirus systems must be used and updated regularly.
    6. All systems must be updated and maintained in accordance with all security policies.
    7. Only those who need access to cardholders’ data must have it.
    8. Each professional and piece of equipment must have a unique ID. 
    9. Physical access to cardholders’ data must be restricted. 
    10. All accesses to cardholders’ data must be tracked and monitored. 
    11. All security systems must be scanned on a regular basis. 
    12. Information security for the entire team must be addressed in a separate document. 

    A breach of even one of these conditions will result in the certification being revoked.

    There are several steps a business might take to make sure the certification process is smooth:

    Make Security a Backbone of the Company

    Business owners report that cyberattacks have increased by at least 68%, and businesses have increased their cybersecurity budgets by 25% on average. More companies have started treating cybersecurity as one of their core foundations, which means security standards like PCI DSS will become more widespread and more often required over time. 

    Train the Team Properly and in Accordance With All Standards

    On average, 17% of sensitive company data is accessible to the entire team. Wherever this is the case, it is a major oversight on the security team's part. The team needs to understand its responsibilities and limitations and be ready to report any violation it sees, whether it comes from inside or outside the company. 

    The SupportYourApp team not only conducts training during onboarding; our entire team also regularly passes exams and tests to ensure we know and remember everything about cybersecurity and about the compliances and certifications we hold. This way we eliminate the risk of leaks or breaches originating from our team and ensure we all speak the same language. 

    Ensure There Are Logs and Records of Everything

    Everything must be logged and recorded: from physical access to the office premises to access to individual files, server rooms and so on. This not only prepares the team for the restrictions that come with PCI DSS, but also makes identifying the source of a leak easier, should the need arise. 

    Logs and records will establish a certain discipline within the team and will help prepare for any future certification. 

    Make Restricted Access a Norm

    It is estimated that an average business encrypts only 5% of its folders. 

    30% of data breaches involve members of the team, meaning they could be avoided or minimized if professionals only had access to the folders and information they require. Making restrictions and boundaries the norm will shield sensitive information from unlawful access and even breaches. 
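    An added example (not part of the original article) that ties the logging and restricted-access advice above to requirements 7, 8 and 10 of the list: it parses constructed access-log lines from a hypothetical cardholder-data store, tallies every access per user, and flags accesses by IDs that are not on the need-to-know list or that are shared, generic accounts. The log format, the allow list and the generic-ID list are all assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample: audit log lines from a hypothetical cardholder-data (CHD)
# store. Format assumed: "<timestamp> user=<id> action=<verb> resource=<path>".
SAMPLE_LOG = """\
2021-03-04T09:01:12Z user=a.ivanova action=read resource=/chd/tokens/4411
2021-03-04T09:02:40Z user=shared-ops action=read resource=/chd/tokens/4412
2021-03-04T09:05:03Z user=b.petrov action=export resource=/chd/tokens
2021-03-04T09:07:55Z user=a.ivanova action=read resource=/public/faq.md
2021-03-04T09:09:10Z user=c.lee action=read resource=/chd/tokens/4413
"""

# Assumed allow list: unique IDs with a business need to touch CHD (requirement 7).
CHD_AUTHORIZED = {"a.ivanova", "c.lee"}
# Assumed list of IDs not tied to one person; using them breaks the unique-ID rule (requirement 8).
GENERIC_IDS = {"shared-ops", "admin", "root", "service"}
CHD_PREFIX = "/chd/"

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+) resource=(?P<res>\S+)$"
)


def parse_line(line):
    """Return a dict of fields, or None if the line does not match the assumed format."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def audit_chd_access(log_text, authorized=CHD_AUTHORIZED, generic=GENERIC_IDS):
    """Flag CHD accesses that break requirement 7 (need-to-know) or 8 (unique ID).

    Returns (findings, per_user_counts). Every CHD access is counted, so the
    per-user tally doubles as the requirement 10 tracking record.
    """
    findings = []
    per_user = defaultdict(int)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or not ev["res"].startswith(CHD_PREFIX):
            continue  # unparseable line, or a resource that is not cardholder data
        per_user[ev["user"]] += 1
        if ev["user"] in generic:
            findings.append((ev["ts"], ev["user"], "shared/generic ID used for CHD access"))
        elif ev["user"] not in authorized:
            findings.append((ev["ts"], ev["user"], f"not authorized for CHD ({ev['action']})"))
    return findings, dict(per_user)


if __name__ == "__main__":
    for ts, user, why in audit_chd_access(SAMPLE_LOG)[0]:
        print(ts, user, why)
```

    Run against the constructed log it reports the shared-ops read and the unauthorized export, while the two authorized reads are only counted.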

    Besides the possible difficulties with the certification and the preparation for it, there are also consequences a business can suffer if the PCI DSS certification conditions are breached. 

    Breach of Conditions: What Are the Consequences?

    The penalties for PCI DSS non-compliance start at $5000 (for Mastercard) or $10000 (for Visa) and go up to $100000. The penalties are paid monthly until the non-compliance is resolved. This is only one of the penalties the merchant faces: there is also the possibility of lawsuits, the associated financial losses, and a blow to its customer base and reputation. 

    Banks might also impose additional penalties, such as increased transaction fees, and can even terminate their relationship with the merchant altogether. 

    ‼️ The penalties go beyond the plain breach of the PCI DSS certification. A business should also consider that a breach of PCI DSS also implies a breach of other compliance regimes such as GDPR or ISO, which can result in lawsuits and additional monetary and reputational losses.

    Perks of PCI DSS Certification

    ⬇️ Reduced risk of data breach — getting the certification is not about compliance alone. It is about bringing the company's software and hardware up to standard. 63% of breaches occur because of faulty or simply outdated hardware. PCI DSS certification could push businesses towards updating their entire system, further ensuring the safety of users' data.

    ✨ Improved customer loyalty — 64% of customers are unlikely to do business with a company that has had issues with personal data safety. Taking the time and effort to make the system not only secure but PCI DSS-eligible will establish a bond of trust and could turn customers towards a business.

    💼 Makes cybersecurity a feature of company culture — human error is the reason for 95% of cybersecurity attacks, and only 31% of professionals get annual cybersecurity training. The majority of teams lack training and knowledge on what measures must be taken to prevent cyberattacks. PCI DSS certification could give any team the necessary push to make cybersecurity and data protection policies the core of company training and culture. 

    PCI DSS and SupportYourApp

    💛 🔐 SupportYourApp's security standards have always met the highest requirements of the industry. We obtained our PCI DSS Level 1 Service Provider certification in summer 2020. Our clients' and customers' security is our primary concern, and we take every measure to ensure top-level security for everyone using our services. 


    Anna has been working as a writer for 5 years. She previously wrote about financial markets, conducting the research on the state of bonds and stocks on a daily basis. She is a keen reader with interest in historical literature and international cuisine. Her latest obsession — customer communication and ways to perfect it. If you want to connect with Anna, follow her on LinkedIn.
