Adhering to a recognized standard does several things for a business. First, it allows you to advertise that you meet and maintain that standard, which shows potential and current customers that your policies and business activities comply with a defined set of guidelines. In the case of e-commerce, it signals to customers that you are a reliable and safe party to deal with in financial matters, and that you treat the security of their personal details, financial or otherwise, as a priority. The PCI DSS website says that compliance with its data security standard:
“…can bring major benefits to businesses of all sizes, while failure to comply can have serious and long-term negative consequences. Here are some reasons why.”

* Compliance with the PCI DSS means that your systems are secure, and customers can trust you with their sensitive payment card information:
  * Trust means your customers have confidence in doing business with you
  * Confident customers are more likely to be repeat customers, and to recommend you to others
* Compliance improves your reputation with acquirers and payment brands -- the partners you need in order to do business
* Compliance is an ongoing process, not a one-time event. It helps prevent security breaches and theft of payment card data, not just today, but in the future:
  * As data compromise becomes ever more sophisticated, it becomes ever more difficult for an individual merchant to stay ahead of the threats
  * The PCI Security Standards Council is constantly working to monitor threats and improve the industry’s means of dealing with them, through enhancements to PCI Security Standards and by the training of security professionals
  * When you stay compliant, you are part of the solution – a united, global response to fighting payment card data compromise
* Compliance has indirect benefits as well:
  * Through your efforts to comply with PCI Security Standards, you’ll likely be better prepared to comply with other regulations as they come along, such as HIPAA, SOX, etc.
  * You’ll have a basis for a corporate security strategy
  * You will likely identify ways to improve the efficiency of your IT infrastructure
("Getting Started with the PCI Data Security Standard", n.d., p. xx)
To stay compliant with this standard you follow a three-step cycle, which the PCI Security Standards Council describes as follows: “Assess is to take an inventory of your IT assets and business processes for payment card processing and analyze them for vulnerabilities that could expose cardholder data. To Remediate is the process of fixing those vulnerabilities. To Report entails compiling records required by PCI DSS to validate remediation and submitting compliance reports to the acquiring bank and global payment brands you do business with. Carrying out these three steps is an ongoing process for continuous compliance with the PCI DSS requirements. These steps also enable vigilant assurance of payment card data safety.”
As an e-commerce business it is in your best interest to follow this standard (or another recognized one) for online security, especially since we are handling financial transactions and very sensitive information. Whichever standard is followed, vulnerabilities remain: compliance means the required controls are in place and have been validated, not that the business cannot be breached. Social engineering remains an issue, and the fact that a user will log into his or her account from various devices remains an opportunity for hackers and carders. We have to remember that the only truly safe environment is one that is consistently monitored for weaknesses and vulnerabilities, and in which patching, updates and workarounds are part of the daily routine. As security personnel, keeping data safe is our main responsibility, along with maintaining secure systems and accurate accounting. We are dealing in potentially large sums of money and are held responsible for any mishaps or incidents. Adhering to a standard like PCI DSS helps us stay on track with analyzing and fixing issues that have occurred or may occur.
References:
Getting Started with the PCI Data Security Standard. (n.d.). Retrieved from https://www.pcisecuritystandards.org/security_standards/getting_started.php