What is PCI Compliance? Common Questions Answered

If your business accepts any credit cards, then it is important to know what PCI Compliance is and how it applies. Knowing and abiding by the guidelines can save your organization from an expensive legal battle and ensure that your customers have the best security behind their purchases. Here are a few common questions regarding PCI Compliance:

What is PCI Compliance?

PCI (or Payment Card Industry) compliance requires following a defined the set of standards developed by the PCI Security Standards Council (which consists of AMEX, JCB, Visa, MasterCard and Discover). These standards apply to any company that accepts credit card payments, and all standards share the goal of providing and maintaining a secure network for customers that purchase via credit card.

Who Sets The PCI Standards?

The Payment Card Industry Security Standards Council establishes and sets the standards that must be followed by all merchants that accept credit cards. This council is managed by an executive staff and committee that represents the largest payment conglomerations such as AMEX, JCB, Visa, MasterCard and Discover. These members of the payment industry are assisted by many advisors throughout the process of updating and creating the requirements.

Who Must Comply?

Compliance Guide states that any organization, regardless of size or number of transactions, that accepts, transmits or stores any cardholder data, must comply with the PCI standards.

What are The Most Important Standards?

Among the twelve PCI Compliance guidelines, four general rules of thumb stand out.

Defend cardholder data.

  • Write policies that proscribe data retention and disposal. Make sure the policies are being practiced. Use encryption. Mask data and render it unreadable. etc.

Defend against external threat.

  • Use high firewalls that are specially configured. Use anti-virus measures. Configure routers. Review firewalls and routers every 6 months. etc.

Defend against the internal threat.

  • Employee screening measures. Least-privilege policies. Documented approvals. etc.

Defend against complacency.

  • Regular compliance checking. Continuous tracking and monitoring. Alerts on suspicious activity. Auditing logs. etc.

 

Why is PCI Compliance Important for Small Businesses?

As a small business, within level 3 or 4, PCI compliance is especially important for ensuring that your organization does not incur hefty legal fees. Providing a safe mode of transaction ensures that consumers trust not only your business with their information and payment method but also the purchasing process overall. Without these rules, payments would be much riskier. Therefore, to retain the trust of the consumer, these compliance standards are enforced upon all credit card accepting organizations.

What if I Choose Not to Comply?

The PCI Security Standards Council clearly outlines the risks of non-compliance. In the interest of protecting the consumer, liabilities of non-compliance can include:

  • Loss of customer trust
  • Fraud lawsuits
  • Increased subsequent costs of compliance
  • Hefty legal fees
  • Fines and penalties
  • Termination of the ability to accept credit card payments
  • Lost jobs
  • Going out of business

Where Can I Find The PCI Compliance Standards?

The PCI Security Standards Council makes the updated version of their standards available here on their website.

How Can I Become (and Stay) PCI Compliant?

Partnering with an experienced trusted payment processor such as Tidal Commerce simplifies the process and ensures that your business is always in compliance with the regulations. Going above and beyond, Tidal Commerce also enrolls each of their merchants into a breach coverage program, which provides up to $100,000 coverage to merchants in the event of a breach. This coverage is rare in the industry, as normally the merchant is the one to suffer if they are breached and did not understand the responsibility or severity.

Contact Tidal Commerce to get started accepting credit cards, switching payment processors, or with any questions regarding PCI compliance.