<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
		>
<channel>
	<title>Comments on: A Sample Policy for PCI-DSS</title>
	<atom:link href="http://www.pcidssguru.com/pci-dss/a-sample-policy-for-pci-dss/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.pcidssguru.com/pci-dss/a-sample-policy-for-pci-dss/</link>
	<description>Payment Card Industry Data Security Standard</description>
	<lastBuildDate>Wed, 21 Jul 2010 14:56:30 -0700</lastBuildDate>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.0.1</generator>
	<item>
		<title>By: Tom Cornelius</title>
		<link>http://www.pcidssguru.com/pci-dss/a-sample-policy-for-pci-dss/comment-page-1/#comment-41</link>
		<dc:creator>Tom Cornelius</dc:creator>
		<pubDate>Mon, 15 Sep 2008 20:20:56 +0000</pubDate>
		<guid isPermaLink="false">http://www.pcidssguru.com/pci-dss/a-sample-policy-for-pci-dss/#comment-41</guid>
		<description>The interesting thing most people do not understand is that without the ability to document due care and due diligence on behalf of the company, the company can be found negligent for failing to adhere to known standards.

The PCI DSS is a non-regulatory requirement, so the government does not have a play. However, being a legally-binding document, the PCI DSS can bring a Merchant into a courtroom. If one requirement from the PCI DSS is not met, the Merchant is technically non-compliant. If the Merchant is non-compliant, the Merchant is technically negligent.

Where most business owners do not realize the risk is that insurance does not cover acts of negligence and the entire cost of the data breach, from fines to lawsuits and chargebacks, will be completely left to pay by the Merchant. This could spell immediate bankruptcy for most Level 3 or Level 4 merchants.

In simple terms, everyone needs robust policies and needs to ensure those standards are being met. The cost of prevention is immensely less than that to clean up after a breach.</description>
		<content:encoded><![CDATA[<p>The interesting thing most people do not understand is that without the ability to document due care and due diligence on behalf of the company, the company can be found negligent for failing to adhere to known standards.</p>
<p>The PCI DSS is a non-regulatory requirement, so the government does not have a play. However, being a legally-binding document, the PCI DSS can bring a Merchant into a courtroom. If one requirement from the PCI DSS is not met, the Merchant is technically non-compliant. If the Merchant is non-compliant, the Merchant is technically negligent.</p>
<p>Where most business owners do not realize the risk is that insurance does not cover acts of negligence and the entire cost of the data breach, from fines to lawsuits and chargebacks, will be completely left to pay by the Merchant. This could spell immediate bankruptcy for most Level 3 or Level 4 merchants.</p>
<p>In simple terms, everyone needs robust policies and needs to ensure those standards are being met. The cost of prevention is immensely less than that to clean up after a breach.</p>
]]></content:encoded>
	</item>
</channel>
</rss>
