Achieving and maintaining PCI compliance is very important for any business that accepts credit cards, debit cards or any other types of payment cards. Despite the fact that PCI has been around for almost 10 years, many merchants and business owners don’t know what it is and why it’s important.
Here are answers to three of the most common questions that business owners and finance directors ask their merchant services, payment processing or credit card processing providers:
Question #1: What Is PCI?
PCI is short for PCI DSS, which stands for Payment Card Industry Data Security Standard. Visa, MasterCard, Discover, American Express and the Japan Credit Bureau came together in 2006 to establish this standard in response to a growing need for payment card data security.
These five major credit card providers established PCI DSS as a way to push merchants, both online and brick-and-mortar, to take steps to ensure that their customers’ credit card data remains secure.
Question #2: Does My Business Need To Be PCI Compliant?
While PCI DSS is not a law, if your business accepts payment cards of any type (credit, debit, etc.) or stores payment card data, you absolutely should become PCI compliant to avoid serious threats to your bottom line.
First, if your business is not PCI compliant, you could be subject to serious fines. Card brands may fine card-issuing banks between $5,000 and $100,000 per month if merchants are not PCI compliant. Inevitably, these fines are passed on to the merchants. Additionally, not being PCI compliant could cause your bank to increase your credit card processing fees or even terminate your ability to accept credit cards at all.
If you ignore PCI compliance, your business is at a much higher risk for a security breach. This is particularly true for small-to-mid-sized businesses, as data thieves consider them to be “low-hanging fruit.” In 2011, 74% of card security breaches targeted merchants in hospitality, food service and retail.
If your customers’ credit card data is breached, you’ll face even more financial penalties. Businesses may have to pay between $8,000 and $20,000 for a forensics audit, plus $3 to $10 in card replacement fees for each customer whose credit card data is breached. As the United States transitions to accepting chip-and-PIN credit cards, card replacement fees are going to increase significantly.
Remember, all of these fees and fines are in addition to the brand damage a data security breach inflicts. With all of these risks, your business simply cannot afford to ignore becoming PCI compliant.
Question #3: How Do I Achieve PCI Compliance?
Achieving PCI compliance isn’t easy, but as the financial risks outlined above make clear, it’s certainly worth the effort. Working with a high-quality merchant services and payment processing provider simplifies the process for your business, but it’s just the start.
The basic steps of becoming PCI compliant involve:
- Identifying the validation type appropriate for your business.
- Filling out the proper PCI DSS Self-Assessment Questionnaire (SAQ) for your validation type.
- Finding a PCI-authorized Approved Scanning Vendor (ASV) to complete a vulnerability scan of your business. A high-quality merchant services provider should be able to help you find one. (Note: Some merchant types are exempt from this scan.)
- Passing the vulnerability scan.
- Completing an Attestation of Compliance form.
- Submitting your SAQ, proof of vulnerability scan and Attestation of Compliance to the bank or financial institution that processes your credit and debit card transactions.
While achieving PCI compliance is a complicated and multi-step process, it helps to shield your business from serious financial risks, making the effort more than worthwhile.
Are you looking for a payment processing and merchant services provider as dedicated to your bottom line as you are? Schedule your free 30-minute consultation with a certified payment processing expert today.