What is PCI Compliance?

PCI stands for Payment Card Industry. PCI standards were developed by the major card brands as a way to address potential vulnerabilities and guide organizations to maintain the integrity of cardholder data. All merchants are required to be compliant in order to accept credit cards.

Why is PCI Compliance Important?

PCI Compliance is a way to ensure businesses are practicing safe, ethical and secure acceptance of credit cards. This protects both the merchant and the cardholder. PCI standards primarily provide guidelines for proper protection against malware attacks targeting cardholder data; in fact, 58% of all malware attacks are against small businesses and cost business owners an average of $84,000 to $148,000! These standards also instruct businesses on how to train their employees to maintain the integrity of their customers' data.

There are numerous penalties for businesses that are non-compliant. Merchants will face fines and increased fees, and will be subject to the full cost of any data breaches that result from non-compliance. In the case of a widespread vulnerability, businesses can suffer lost revenue, a damaged reputation, and even lawsuits and insurance claims.

How to Become PCI Compliant

Most credit card processors conduct regular surveys of their merchants’ compliance in order to maintain proper standards and help their merchants avoid fees and security breaches. These surveys provide instructions and specifications for firewall protection, encryption, and security systems for online transactions and physical credit card equipment connections. You should always maintain a firewall configuration to protect data, and never fall behind on security patches for your systems. Establish strong, private passwords and regularly monitor access to your network.

However, there are also plenty of measures you should take to physically protect your customers and your business.

  • Practice safe transactions by ensuring that the card used by a customer is valid.
    • The card should not be expired
    • Receipts should not show full card numbers and security codes
    • The card should be signed, and the signature should match the receipt
  • Practice proper PCI protocol with your employees
    • Restrict physical access to cardholder data to trusted employees and supervisors
    • Train employees to use credit card equipment properly
    • Train employees to inspect credit card equipment periodically for tampering
    • Be on the lookout for suspicious behavior from employees and customers
    • Never allow customers to access credit card equipment without approval
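As an added example, not code from the original page, here is how a point-of-sale receipt routine can enforce two of the checks above in software: decline an expired card (an MM/YY card is valid through the last day of that month) and print only a masked card number. The last-four-digits masking rule, the sample card data, and the function names are assumptions for illustration; the card security code is never read by the routine at all.

```python
from datetime import date
from typing import Optional

# Constructed sample card for the example (a well-known test number, not a real card).
SAMPLE_CARD = {"pan": "4111 1111 1111 1111", "exp": "12/30"}


def card_is_expired(exp_mm_yy: str, today_iso: Optional[str] = None) -> bool:
    """True if the card is expired; MM/YY cards are valid through the end of that month."""
    today = date.fromisoformat(today_iso) if today_iso else date.today()
    month_str, year_str = exp_mm_yy.split("/")
    month, year = int(month_str), 2000 + int(year_str)
    # First day of the month after expiry; the card is expired on or after that date.
    first_day_after = date(year + (month == 12), (month % 12) + 1, 1)
    return today >= first_day_after


def mask_pan(pan: str) -> str:
    """Return the PAN with every digit except the last four replaced (assumed receipt rule)."""
    digits = "".join(ch for ch in pan if ch.isdigit())
    if not 13 <= len(digits) <= 19:
        raise ValueError("PAN length is not plausible")
    return "*" * (len(digits) - 4) + digits[-4:]


def receipt_line(card: dict, amount_cents: int, today_iso: Optional[str] = None) -> str:
    """Build the customer's receipt line; the full PAN never reaches the output."""
    if card_is_expired(card["exp"], today_iso):
        raise ValueError("card is expired; decline the transaction")
    line = f"CARD {mask_pan(card['pan'])}  AMOUNT ${amount_cents / 100:.2f}"
    # Defensive check that the unmasked number did not leak into the receipt text.
    raw_digits = "".join(ch for ch in card["pan"] if ch.isdigit())
    assert raw_digits not in line.replace(" ", "")
    return line


if __name__ == "__main__":
    print(receipt_line(SAMPLE_CARD, 1999, "2026-01-15"))  # CARD ************1111  AMOUNT $19.99
```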

Have more questions? We can help! Check out our video on PCI Compliance and Contact Us for support.
