For attorneys who accept fee payments by credit or debit card, properly securing your clients' financial data should already be an integral part of your office security.
If it isn't, it is about to be.
Mandatory PCI compliance, which seeks to secure cardholder data, is now required of merchants accepting cards issued by Visa, MasterCard, American Express, Discover and JCB (Japan Credit Bureau).
That includes law firms like yours.
The PCI Security Standards Council, founded by the card brands listed above, maintains the PCI Data Security Standard (PCI DSS); the card brands, acting through merchants' acquiring banks and payment processors, now require all merchants to implement its security controls and to validate every year that those controls remain in place.
PCI compliance focuses primarily on network security and testing; third-party payment applications; and PIN-entry hardware, CNET reports.
Merchants are now required to run regular vulnerability scans (external scans by an approved scanning vendor are due quarterly, not just once a year); use secure authentication; log application activity; protect wireless transmissions; test software and applications; and encrypt cardholder data in transit. How much of this applies to your office depends on how you take cards: a firm that never handles card numbers itself, and instead directs clients to a hosted payment page run by a PCI-validated processor, generally qualifies for the shortest self-assessment questionnaire (SAQ A), while typing or storing card numbers in your own practice-management software pulls your whole office network into scope.
Failing to do so can lead to heavy fines from the card brands, passed down through your acquiring bank or payment processor, and potentially to termination of your merchant account.
While PCI compliance may seem like a hassle, consider it part of your ethical and professional responsibilities from now on.
As an attorney, you are expected to protect your clients' confidential information and to safeguard any client property, including funds. Securing card and financial data is a logical extension of those duties, and PCI compliance is an effective way to meet them.
- PCI SAQ - Forms and Validation Types (PCI Compliance Guide)
- PCI DSS Compliance: Accepting Credit Cards and Avoiding Data Breach Liability (FindLaw's Free Enterprise)
- Cyberattacks Now Targeting Small Business (FindLaw's Free Enterprise)