Intro to PCI Compliance
Intro to PCI Compliance
What is PCI Compliance?
PCI compliance is the term that one uses to describe whether a business is accepting payments in a way that meets security standards. PCI requirements are set by the Payment Card Industry Data Security Standard (PCI DSS) and are officially managed by the PCI Security Standards Council (PCI SSC). This council was founded by the biggest credit card providers in the industry, known as the card brands. They include: MasterCard, Visa, Discover, American Express and JCB International. This council is responsible for ensuring that merchants meet the required levels of security when they store, process and transmit cardholder data.
Becoming PCI compliant is not required by law, but most payment providers will advise that all merchants who accept payments follow these rules and regulations to protect cardholder data. As a business owner, it’s important to understand that fraudsters are out there and every business can have security breaches. Data can be stolen in many ways, but the most common ways include the following:
Identifying any security weakness is important to both your business and your customers. PCI DSS is what was created to defend your business against these attacks and potential threats.
How to become PCI Compliant?
There are several different levels of PCI compliance which all depend on how much your business processes in a 12 month period. There are four merchant levels into which your business will fall into. Those four levels are:
- Merchant Level 1: Processing over 6 million transactions every year
- Merchant Level 2: Processing between 1-6 million transactions every year
- Merchant Level 3: Processing between 20,000-1 million transactions every year
- Merchant Level 4: Processing less than 20,000 transactions every year
As you can see, depending on which level your business falls into, you are required to complete the appropriate PCI DSS Self Assessment Questionnaire (SAQ). This questionnaire, once completed, will provide evidence that the merchant has passed a test with the PCI DSS Approved Scanning Vendor (ASV).
For more information, please visit the PCI Security Standards Website.
What are the benefits of PCI Compliance?
For newer merchants, becoming PCI compliant might seem like a tall order. However, it’s much easier than you think. After approval, all of our merchants will automatically be sent this questionnaire for completion. That way our merchants don’t have to worry about becoming compliant.
The benefits to being PCI compliant include the following:
- You can boost the reputation of your business.
- You can ensure your customers will trust you with their information.
- You will avoid the consequences of not being compliant, like extra fees, potential fraudsters and data breaches.
- You can protect the longevity of your business.
What are the requirements for PCI compliance?
There are 10 key requirements for PCI compliance. We will break them down below:
- Protect cardholder data using firewalls
- Protecting data by not using generic passwords, using unique characters and no repeated passwords
- Cardholder data should be encrypted when transmitted through networks
- Keeping up-to-date anti-virus software
- Restrict/Limit cardholder data. This information should only be accessed by management on a ‘need to know’ basis
- Assign a unique ID to each user to keep track of who is accessing data
- Restrict physical access to all information
- Keep an up-to-date access log
- Use security systems and process tests
- Create a security policy and ensure all employees know the rules
What will happen if you are not PCI compliant?
As mentioned before, it is not required by law to be PCI compliant. The problem with not being compliant though, is you could accumulate damage to your business, like ruining your reputation and brand, or fines if your data is breached. Eventually, it will end up costing you money and time spent on your business.
Protecting your customers should be your first priority as a business owner. To become PCI compliant, reach out to your current payment provider. If you are a current merchant, please contact us for more information on how you can become compliant.
To become a merchant, click here.