Experts highlight the fact that many organizations wrongly assume that if they only transmit payment card data, or if they process a small amount of payment card data, they don’t have to be PCI compliant.In reality, the Payment Card Industry (PCI) clearly states that all merchants, regardless whether they’re large or small, need to be PCI compliant if they process, store or transmit payment card data.
However, as Solutionary’s Director of Strategic Security Court Little explains, most businesses try to find all sorts of excuses for not following regulations, fearing that it will be a real hassle to implement all the requirements.
What many of these companies don’t know is that it’s not necessarily all that difficult. Little emphasizes that many merchants might learn that they can become PCI compliant without high costs because the requirements that apply to them might be small.
Furthermore, even those who learn that the requirements with which they have to comply are numerous, they can try to make some changes to reduce their PCI classification.
“The short-term impact here is that you could have been PCI compliant with relative ease, but since you ignored it you have a whole new set of problems,” Little explained.
If you’re thinking “there might be a point here,” check out the blog post published by Solutionary to get all the details you need on the topic.