All banks need to keep security, PCI compliance in mind
Guarding the private data of credit and debit card holders is one of the most important things a bank can do. Every bank should consistently practice data security through high assurance SSL certificates and PCI compliance, but BankTech said some financial institutions have failed to maintain effective programs, owing to a failure to understand how their operators fit into their system.
"Card brands have focused primarily on PCI compliance efforts of the banks with direct connections to the card brands, service providers and merchants, but have devoted much less attention to the compliance efforts, or lack of efforts, of the banks not connected directly to the card network," according to BankTech. "Likewise, card issuers and banks that outsource merchant services typically have given little thought to PCI compliance."
Banks may think the rules do not apply to them because they own the data related to the cards their customers hold, but every bank that issues a credit card must follow the rules of PCI DSS or suffer the consequences, including fines and the loss of customers if a data breach affects cardholders.
"Times are changing, and it is now abundantly clear that banks have been put on notice and need to address PCI compliance," the website said. "As banks begin this process, initial and ongoing compliance with the standard requires buy-in from an entire organization. A bank's first step is to perform an inventory of its data, which requires a thorough understanding of all the systems and processes in the organization that use credit card data and how all employees use the data."
PCI Compliance Guide said PCI DSS applies to all organizations and merchants, regardless of their size or the number of cardholder transactions. Banks should also look to protect online transactions with high assurance SSL certificates and other security methods.