Let’s Talk About PCI-DSS Compliance


PCI-DSS Compliance Impacts Almost Every Organization.

I’ve been writing for TRINUS for seven years now. Early in 2017, before articles about PCI-DSS compliance and when our newsletter topics were more broadly focused on all things information technology, I wrote about the realities of cyberbullying, and while researching it I discovered some surprising facts about Alberta law that many people were not only unaware of but didn’t realize they were bound by.

Since then we’ve increasingly narrowed our focus to cybersecurity-related topics like ransomware incidents, security policy best practices and regulatory compliance, which brings us to the Payment Card Industry Data Security Standard, or PCI-DSS. Like those little legal facts, this standard often applies to people and organizations who don’t realize it. Strictly speaking it isn’t a law at all: it is an industry standard maintained by the PCI Security Standards Council and enforced through the contracts merchants sign with the card brands and their acquiring banks. But it applies to any organization that stores, processes or transmits payment card data, and to any merchant that accepts payment cards in any way, including online. There’s no need to use card swipers or otherwise physically handle a card for PCI-DSS to apply, which leaves hundreds if not thousands of small- and home-business online storefronts bound by requirements they likely didn’t know existed.

New PCI-DSS Compliance Rules

However, home businesses often run their online storefronts on integrated third-party payment platforms like Shopify, which bear the brunt of the responsibility for maintaining PCI-DSS compliance. That doesn’t make the merchant’s own obligations disappear: the merchant still has to validate every year (typically with the shortest self-assessment questionnaire, reserved for merchants that fully outsource their payment processing) and has to keep its own website from ever touching card data. For even slightly more complex organizations, staying up to date on the latest standards should be a priority, because PCI-DSS compliance has become a common feature of cyberinsurance policies. Insurance companies are hell-bent on improving the profitability of their cyberinsurance portfolios, which means figuring out how to accurately gouge their clien… I mean, gauge!… accurately gauge their… uh, risk profiles.

Part of their current strategy includes investigating clients’ PCI-DSS compliance both prior to issuing a policy and, of course, after an incident. What counts as proof depends on how many card transactions you handle: the largest merchants and service providers must be assessed on site every year by a Qualified Security Assessor, while smaller merchants validate annually with a self-assessment questionnaire and, for most questionnaire types, quarterly external vulnerability scans by an Approved Scanning Vendor. Either way, compliance has to be re-validated every year, so maintaining it isn’t without its own sometimes substantial costs.

As for investigating clients’ compliance after an incident, a new version of PCI-DSS is set to come into effect in roughly six months. Organizations should therefore closely monitor their timelines for moving to the new requirements, and check which version of the standard their policy wording refers to, lest they unknowingly give insurers adequate cause to deny an otherwise legitimate claim during the transition.

If you’d like help becoming PCI-DSS compliant or have questions about any cybersecurity regulations that may apply to your organization, contact a TRINUS cybersecurity professional to get yourself some stress-free IT.

This quote comes to us from Hamlet: “Assume a virtue, if you have it not.”


Be kind to one another, courtesy your friendly neighbourhood cyber-man.
