If a business plans to accept payment through card transactions, it needs to be aware of PCI DSS, the Payment Card Industry Data Security Standard. This standard was created by the credit card industry and establishes security practices for businesses that handle card information. When a data breach occurs and the business is found to be non-compliant with the standard, it will face PCI DSS fines and penalties.
What are the PCI DSS Regulations?
These regulations give businesses a set of guidelines for staying in compliance, including in the event of a security breach.
In general, the guidelines suggest the following:
Encryption to protect cardholder data
Firewalls to protect stored information
Policies on, and controls over, employee access to cardholder data
Routine checks of security systems
What are the Fines and Penalties for Non-compliance?
PCI DSS fines and penalties are handed down by the card companies and banks used by the non-compliant business. If a business suffers a data breach, the card company will investigate. If the bank is found to have been compliant at the time of the breach while the business was not, the fines and penalties are levied on the bank, which can then pass them on to the business.
Although PCI DSS is not a law, business owners should be well-versed in its regulations to avoid fines and penalties in the event of a security breach.