Not PCI-Compliant? It’s a Risky Move for Your Business
Here’s the truth: Any business that accepts credit card payments needs to be PCI-compliant.
Why? Because if your business is non-compliant and a customer’s cardholder data is compromised as a result of your negligence, you’re the one who pays.
What Is PCI?
The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements for handling credit card information that’s meant to ensure that all companies maintain a secure environment for credit card transactions. It was set forth by the major card brands (Visa, Mastercard, American Express, Discover and JCB) and is governed by the PCI Security Standards Council; the card brands themselves enforce it through their agreements with acquirers and merchants.
What Happens if My Business Isn’t PCI-Compliant?
If your business doesn’t meet the PCI standards for compliance and the security of cardholder data is compromised, you are liable – and could end up paying thousands of dollars in fines.
Some of the additional liabilities and fines include:
- All fraud losses incurred from the use of compromised account numbers
- Cost of re-issuing cards
- Cost of any additional fraud prevention/detection activities
External Hackers Aren’t the Only Threat
While most businesses assume that an external attacker is the only threat to their data security, an insider with routine access to card data may be a larger hazard. “A disgruntled employee can come in and discreetly steal card information throughout the day,” Rob Kroeger, Infintech’s director of integration, points out.
Furthermore, there’s a trust factor, especially in the eCommerce world. “When a customer goes to your website, they’ll take the appearance – the look and feel – into account. Being able to publish your PCI-compliance bolsters your trust factor,” Rob adds.
How Do I Become PCI-Compliant?
There are four levels of PCI compliance and your classification depends on your annual transaction volume. (The volume calculation is based on the gross number of Visa, Mastercard or Discover transactions processed within your merchant account.)
From there, you’ll have to complete an annual PCI self-assessment questionnaire (SAQ). Quarterly external vulnerability scans by an Approved Scanning Vendor (ASV) are also required if any of your in-scope systems are internet-facing.
“The questionnaire points out and asks very poignant questions about how you process cards. What do you do with receipts? Do you store card data in any way – and if so, is it written on paper or stored electronically? Is it password protected? These things fall into the realm of a merchant being PCI-compliant,” Ken Harwell, senior payment processing advisor, explains.
Your payment processing advisor can help you determine what category you fall into.
Is Your Business PCI-Compliant? Find Out:
Contact Infintech online or call 1-800-621-8931.