PCI Compliance, also known as Payment Card Industry Compliance, is a set of security standards developed to ensure that credit cards are handled safely. PCI compliance pertains to everyone involved in accepting or transmitting credit card data – from the business itself to the network/cloud provider hosting its payment processing system.
What does PCI Compliance mean for my business?
Compliance with PCI standards ensures that all security measures are in place to protect customers’ personal information, including credit card numbers. With upcoming updates scheduled for October 2013, the Payment Card Industry Security Standards Council is introducing additional payment data protection standards. Here’s a quick look at what these changes are and how they’ll affect your business.
What is PCI Compliance? – The Basics:
PCI compliance mandates that everyone involved in processing, transmitting or storing credit card data follow a set of security standards to protect this sensitive information. Key requirements include daily backups, malware scanning and routine penetration testing to safeguard customer account data against theft.
Why was PCI created? – A Brief History:
The PCI council was created in 2006 by five credit card companies – American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. – who were working together to standardize data security measures used by the payment card industry. The council now includes additional members with a vested interest in protecting payment data.
How does PCI work? – Understanding Compliance:
There are several requirements which businesses must follow to maintain compliance with the PCI security standards. These include daily backups, anti-virus installation and updates, penetration testing and firewall configuration, among others. Penalties for failing to comply with these rules can be severe, particularly for large-scale retailers.
Do I have to be PCI compliant? – The Risks of Non-Compliance:
Businesses that process card payments are subject to annual security audits in order to maintain compliance with the PCI standards. If payment records are breached, there can be serious financial repercussions, since credit card companies typically reimburse customers for any fraudulent charges.
How do I become PCI compliant? – Meeting the Standards:
To receive or maintain compliance with PCI standards, businesses must complete an annual self-assessment questionnaire. This is typically done via an automated system which surveys a business’s payment systems and procedures for potential risks. Businesses can contact their acquirers/processors for more information about this.
Who does PCI apply to? – Protecting Your Business:
PCI compliance requirements are strictly enforced by payment processors, including PayPal. All businesses that accept or transmit credit card information must maintain compliance with these standards, but large-scale retailers are likely to be audited first. From the cardholder’s perspective, the result is simply the assurance that their sensitive information is being protected.
Do I need PCI compliance software? – Meeting the Standards:
If your business requires PCI compliance, you’ll likely be required to present a security report during an audit. You can find various levels of reporting and different requirements with each credit card company (Visa, MasterCard, American Express).
What happens if I don’t comply? – Meeting the Standards:
Most companies that fail to meet PCI standards are required to stop processing card payments. However, larger retailers with massive IT departments can negotiate lower requirements with their credit card providers. For example, the requirement to perform daily backups might be waived if the business can demonstrate a secure environment with regular backups.
How much does PCI cost? – Meeting the Standards:
PCI compliance is free for merchants using software to meet industry standards, but many providers charge higher transaction fees to cover the added costs. The average fee charged by PayPal is 2.9% + $0.30 per transaction.
Are there any benefits to PCI compliance? – Meeting the Standards:
The biggest benefit of meeting industry standards is increased security and peace of mind knowing that customer data is protected. In addition, for large-scale retailers who process millions of credit card transactions each month, maintaining high standards will help avoid steep fines and reputational damage. Plus, it is possible to negotiate rates with credit card providers if the business demonstrates diligence in maintaining compliance.