Why PCI Compliance Isn’t Just About Payments

Many businesses view compliance with data security standards established by the Payment Card Industry Security Standards Council (PCI-SSC) as just related to the acceptance of credit and debit cards. While these standards are designed to protect cardholder data, the standards are really about the basic IT security of your business, regardless of whether you accept payment cards.

Large businesses have internal IT teams that handle a wide array of functions, including managing their computer systems and maintaining a secure environment. Many smaller business outsource this function, relying on a third party to maintain their systems, handle the continuous flow of patches from software firms such as Microsoft and Adobe, and to upgrade their infrastructure as needed, such as the recent necessary upgrade from the Windows XP operating system.

Some small businesses, however, haven’t addressed the need for IT support. Just as any business needs adequate insurance, a bank account, a payroll vendor, an accounting firm and legal representation, in this age of technology driving so many functions, every business also needs an IT support firm. Failure to address this critical area is as dangerous to sustainability as failure to have proper insurance or to properly file tax returns. The work needed to maintain data security standards also applies to general business success – things such as maintaining proper firewalls, insuring password security and addressing software patches.

While IT support is needed to maintain compliance with data security standards, this same support will keep your business secure and operating to maximize your ability to succeed.