PCI Compliance

The ABC’s of PCI Compliance
What is PCI compliance?
PCI stands for Payment Card Industry. All businesses that accept or process customers' credit or debit cards need to comply with the industry's rules and regulations.
How are the rules determined?
The major credit card companies (Visa, MasterCard, American Express, Discover and JCB) joined together and created the Payment Card Industry Security Standards Council (PCI SSC) to determine what proper compliance would be (until that point, each company had its own rules). The PCI SSC established the Payment Card Industry Data Security Standard (PCI DSS).
What is the overall objective?
The overall objective of making sure all businesses that accept credit and debit cards are PCI compliant is to ensure that customers' billing information is stored and transmitted securely.
 
 
How does PCI compliance affect everyone?
CUSTOMER #1:
Do you do a lot of shopping online? If yes, then you have entered your credit card information online many times. How do you know your billing information is stored in a secure location on the vendor's computer?
By accepting the major credit cards, all vendors must be PCI compliant, which means your billing information is secure.
CUSTOMER #2: How about if you never enter your billing information online – how does PCI compliance affect you?
Did you ever go shopping in the local grocery store and swipe your credit card, or call a 1-800 number and order something over the phone?
In many instances, these vendors are placing your data on their computer systems, which would open up the possibility for your billing information to be compromised.
Once again, we have PCI compliance to secure your billing information.
VENDORS:
Want to make money? Then you need to accept the forms of payment which your customers are paying with, and for better or worse, that means you need to accept credit cards!
Do you need to be PCI compliant?
Technically speaking, no, you do not need to be compliant.
However, if you are not compliant and an issue arises (namely, your systems get compromised), the major credit card companies will subject you to fines, card replacement costs, costly forensic audits, brand damage, etc. In addition, many payment processors require you to be PCI compliant.
What does it take for a vendor to be considered PCI compliant? 
The rules depend on the way the vendor accepts credit cards (type of terminal) and the number of transactions the vendor does on a regular basis (based on a 12-month period).
To see which level your business falls under, click HERE to see the four different merchant levels.
Level 4, the lowest level, simply requires “Recommended annual PCI Self-Assessment Questionnaire and quarterly network scan”, while Level 1 requires “Annual on-site security audit and quarterly network scan.” Passing these audits may require some technical assistance. To find out more, click HERE.
 
As always, if you have any questions or concerns,
feel free to call us at 718-676-6910

About avemcomp