PCI Compliant – what you need to know

7 February 2013

What is PCI Compliant?

PCI stands for ‘Payment Card Industry’ and it covers debit, credit, prepaid, e-purse, ATM and POS cards. The major credit card issuers created compliance standards to protect personal information and make sure that there is a high level of security when transactions are processed with a payment card.

PCI DSS refers to the Payment Card Industry Data Security Standard, a set of 12 requirements that all businesses dealing with credit/debit card payments must comply with. To be PCI compliant is to meet that standard level of security.

Who needs to be PCI Compliant?

With consumers becoming more and more aware of identity theft and the dangers it brings, it has never been more important to be PCI compliant.

If you are a member of the PCI, whether you’re a credit card company, merchant or financial institution, you need to comply with these standards if you plan to accept card payments. Failure to meet the compliance standards can result in fines from credit card companies and banks, or even the loss of your ability to process card payments.

It doesn’t matter what size your business is, or how many transactions you process: if you accept, store, transmit or process any cardholder data, it is of the utmost importance to comply with the PCI DSS.

For most merchants, this means an annual PCI Self-Assessment Questionnaire and a quarterly network scan.

How PCI DSS can help you

There are many reasons to be PCI compliant, and it can bring many benefits to your business, including the following, as defined on the PayPal website:

  • Form a clear path of action to address any data security risks that may arise
  • Identify risks in how your store transmits customer data
  • Ensure that your service providers do not put your data security at risk – e-commerce businesses need to be especially careful about how they handle cardholder data, as when a customer makes a purchase on a website, their information is sent across the Internet and the data must be encrypted in a certain way.
  • Show your customers that you take data security seriously, encouraging them to make purchases

If you don’t comply with PCI DSS you could run into some of the following problems:

  • Liabilities such as the cost of any fraud on compromised credit cards
  • Breached security leading to investigation and legal costs which can be very pricey
  • A destroyed reputation and deterred customers
  • Disruption to your business

How to comply

Compliance can be confusing, but PayPal give some fantastic advice. They say: ‘If you’re not yet using Website Payments Pro but plan to, the easiest way to make your PCI compliant is to go through a PCI compliant partner or Trustwave. If you’re using Website Payments Pro, your next steps will depend on how you integrated.’ You can read more on the PayPal website.


If you would like to know more about how to be PCI compliant please contact us today for a friendly chat.