Cybersecurity MUST be a top priority for the financial services industry.
Your data is always at risk of being exposed in a widespread company breach.
Banks, credit unions, and other financial institutions must work diligently to be prepared for the cyber threats of tomorrow, even as they become more advanced and complex. This includes meeting regulatory compliance requirements.
Losing your personal information in a bank breach is a huge deal; your credit score, your chances of buying a home, or your eligibility for a loan can all be damaged, sometimes irreversibly. Breaches cost banks even more in lawsuits and damages, usually upwards of $18.3 million.
Banks are entrusted with the most highly sensitive information an American citizen owns; they must return that trust with tangible peace of mind.
This is where the Payment Card Industry Data Security Standard (PCI DSS) comes into play.
Bank business models are entirely dependent on trust. If a bank ends up in a lawsuit for neglecting its duty to uphold your data privacy, as in the 2021 Flagstar Bank breach, in which threat actors exposed the personal data of more than 1.5 million cardholders, its reputation could go up in flames.
When selecting a credit card, we recommend picking a company that enforces the Payment Card Industry Data Security Standard (PCI DSS) for every vendor that accepts its cards.
What is the Payment Card Industry Data Security Standard (PCI DSS)?
PCI DSS is an international security standard developed for any business that handles cardholder information. It was developed by the PCI Security Standards Council after credit card fraud began to rise in 2004, when the world began to embrace online shopping. Global giants in credit card services, such as Mastercard, American Express, Visa, and Discover, require any company taking credit card payments in any manner to be PCI DSS compliant.
The 12 requirements of the PCI DSS, created specifically with cardholder data security in mind, are:
- Install and regularly maintain firewalls
- Refrain from using vendor-supplied defaults for system passwords and other security parameters
- Protect stored cardholder data so that it is not easily accessible or visible
- Encrypt any transmission of cardholder data across public networks
- Install and regularly update anti-virus software
- Develop and maintain strict, secure applications
- Restrict cardholder data to a need-to-know basis
- Assign a unique ID to anyone with computer access
- Restrict physical access to cardholder data
- Track and monitor all access to network resources and cardholder data
- Regularly test security systems and processes
- Maintain a policy that addresses information security for all personnel
Vendors accepting credit card payments that fail to meet PCI DSS requirements face hefty fines averaging around $100,000 a month, as well as higher transaction fees. They can even lose their partnership with their bank and be placed on the Merchant Alert to Control High-Risk (MATCH) list, barring them from processing any credit card payments and permanently damaging their business in the process.
How do you know if your financial data is truly secure?
When you place your trust in a bank or credit union, make sure to:
- Research to see if they have had any recent breaches
- Never input your bank information on uncertified websites
- Activate multi-factor authentication (MFA) for online access to your bank account
- Never make your PIN your birthday
- Keep a long, difficult password that you haven’t used anywhere else
- Notify your bank whenever you travel so they can monitor for suspicious transactions
If you notice activity in your account that you do not recognize, and you suspect your information has been breached, you should have your bank:
- Freeze your account altogether
- Cancel all cards assigned to your account
- Change all PINs and passwords
- Check your credit history for any new accounts
- File a police report
To ensure your finances are protected, look for more cybersecurity tips on our blog.