Top Ten Reasons Why Pci is a Pain

Top Ten Reasons Why Pci is a Pain

IT used to be that PCI compliancy was optional for merchants who processed less than 6 million credit card transactions. With hackers becoming more innovative and brazen, however, these standards have become mandatory for all merchants who handle any credit card transactions no matter how few. That means, smaller merchants have now had to make their systems PCI compliant, and it hasn’t been a walk in the park. In fact, for some, becoming PCI compliant can be a downright pain in the you-know-what.

Here are the top ten complaints about PCI:

1. The self-assessment form is confusing - Businesses who handle less than 6 million transactions use a self-assessment form to validate their PCI compliancy. If you have an in-house “Geek Squad” that can handle all of your network security issues, this may not be a problem. But if you are like most e-merchants and can’t afford to staff a full-time IT specialist, some of the terminology on the self-assessment form might as well be hieroglyphics.

2. Lack of guidance - The PCI Security Standards Council only sets the rules. It doesn’t provide guidance to help live up to them. When it comes to achieving PCI compliance, you’re basically on your own.

3. It costs too much to upgrade your system - Depending on your particular situation it can cost a pretty penny to upgrade your network security to comply with PCI standards. Smaller merchants often don’t have the flexibility in their budgets for such an expense.

4. The burden on the merchant - Credit card companies do not have to foot the bill for the increased security despite reaping the benefits of the highest margins. Credit card companies can charge cardholders crazy-high interest rates, but you have to pay for securing cardholder information.

5. Compliant one day, non-compliant the next - The standards for PCI compliancy continue to change as hackers learn new ways to breach security. A single investment is not enough as new standards will have to be met on an ongoing basis.

6. Everyone has to do it - No matter how small your business, if you handle even a single credit card transaction, you have to make sure your system is compliant or face consequence from credit card companies and your acquiring bank. If only we could figure out how to take cash over the Internet.

7. Merchants don’t recover costs of upgrades - You probably won’t see any of your investment into your network security back. That’s just the cost of doing business now.

8. Variations on price and support from vendors - PCI solutions vary in price greatly from vendor to vendor. You have to comparison shop to make sure you’re not getting ripped off.

9. One scan is not enough - You are often required to provide a passing scan once a quarter to validate your PCI Compliance. It feels like a never-ending process because it is.

10. Some merchants store data because credit card companies require it - Much of PCI compliance is dedicated to securing data storage. Wouldn’t it be easier to just requiring data storage altogether?

To ease some of the pain of becoming PCI compliant, turn to Comodo’s Painless PCI program. Designed with smaller e-merchants in mind, the Free PCI Scan program walks you through the compliance process one step at a time

Article Source: Link

Vijayanand working as a online marketing co-ordinator in ID Theft team in Comodo, a leading internet security provider, offers a real time Identity Theft Prevention and Identity Fraud restoration services among others.