PCI compliance is about more than just protecting your customers.
We like to shop only at the best establishments. And we like to think that our payment information is definitely secure, especially around the holiday season when we are all stressed enough by the expenditure, the weather and the family.
None of us wants to receive a notice on Christmas morning saying that we have been the victim of identity theft.
Since most of our shopping these days occurs online (I’m looking at YOU, Amazon, you temptress of easy gift giving…), cloud computing is naturally at the forefront of our experience as consumers, whether we know it or not. For the businesses running those web properties and eCommerce sites, maintaining PCI compliance is an utmost consideration, not just for doing business, but for building a reputation that spurs further growth.
Many cloud providers look at compliance from the functional side: what are the regulations, what are the requirements, what are the best practices? Many don’t understand the compliance requirement as a very real part of how a business and its consumers interact. Many businesses also shy away from understanding what the real human consequences of being compliant mean to consumers.
But is the security of personal information all that’s at risk here?
If you are a company that avoids taking the necessary precautions around compliance, what do you think will happen when the inevitable breach occurs? Customers won’t simply be mad. They will cease to be customers. There may even be some serious legal ramifications involved.
Beyond this, however, the damage done to a company will focus on its reputation. In business, reputation is still a valuable asset, something to be maintained at all costs. However, in the cloud-backed online shopping paradigm (as well as the cloud era overall) a business builds with the knowledge that at some point, something bad will happen. And not simply that it will occur, but that its impact will be felt far and wide.
Outside of the actual event, reputation is at risk in your response. If you do not communicate what happened in an effort to save face you risk further alienating your consumers. If you are transparent from the get-go, you can position yourself better to repair the damage that might occur. This is why partnering with the right cloud provider is key. You want to ensure that all the standard and advanced processes related to compliance and security are fully considered. While this might seem costly in the short term, can it compare to the potential lost revenue a breach of customer data could create for your business?
Here are a few high-level points on things to think about:
- Put some documentation out to let your consumers know that you are PCI compliant (whether a badge, a microsite or even an additional page on your website, prominently displayed)
- Go above and beyond the build criteria for compliance from a technical and process standpoint
- Adopt best-in-class security practices (your cloud provider can help with this)
- Frequently review your logs
- Run scans on a very regular basis (especially in high-traffic moments)
- Upgrade to the next level of IDS
- Upgrade your security system
- Audit your firewall monthly rather than quarterly
All this will gear your business for success even in the face of failure, which after all is the promise of cloud.
By Jake Gardner