Ignoring PCI compliance could cost you more than you think.
Mo’ money, more problems? If you work in an industry where you handle credit card data, you could find yourself in a lot of trouble if you ignore PCI compliance. But what exactly is PCI compliance and who needs to worry about it? We’ve put together your guide to answer all the burning questions you have.
|
Looking for a specific topic regarding PCI compliance? Use the links below to jump ahead: |
Payment Card Industry (PCI) compliance is a set of regulations developed to ensure that the credit card industry is properly managing and securing customer data. Before it was formed in 2006, there was no clear industry standard that all credit card companies had to follow, and that's a problem for any company that deals with big data.
|
Before we go any further, let’s dig into some quick definitions to help keep things straight:
|
In 2006, Visa, MasterCard, Discover, and AMEX established the PCI Security Standards Council (PCI SSS) to help regulate the credit card industry and establish clear operating guidelines for how consumer credit card information should be handled.
As with many compliance programs, PCI has seen several changes over the years. The most recent version is known as PCI DSS 3.2. It was first introduced in 2016 and officially replaced the old version of PCI on February 1, 2018.
There are two regulatory bodies that oversee PCI compliance:
The PCI Security Standards Council (PCI SSC) which designs the specific Data Security Standards (DSS) that are required of all merchants regardless of revenue and credit card transaction volumes.
The credit card companies Visa, MasterCard, Discover, and AMEX, who enforce consequences for PCI compliance violations
Basically, the PCI SCC is in charge of designing and implementing the standards for compliance. Any company that doesn’t adhere to them will have to deal with repercussions as set by the credit card companies themselves.
In short – any merchant that processes, stores, or transmits credit card data is required to be PCI compliant.
All of the major credit card companies came together and decided that merchants and service providers who handle consumer credit card information must prove that they are appropriately protecting that information.
This standard applies to all businesses, regardless of size. If you run a business and you handle credit card information from customers, you must adhere to PCI compliance regulations. It might be time to hire a chief compliance officer. Every business falls into a PCI compliance level, and each level requires a different standard of compliance difficulty.
There are four PCI compliance levels:
Level 1 is reserved for large enterprise corporations and has the most rigorous PCI compliance requirements. Nearly all small to medium-sized businesses will classify in the lower two levels. This does not mean that they can take it easier than larger enterprise corporations. Everyone is equally responsible to keep PCI compliance in the eyes of the PCI Security Standards Council.
But wait, does that mean that independent sellers need to create their own PCI compliance program?
Probably not. Most independent sellers use a vendor like Square, Etsy, or PayPal to conduct their business. These are known as payment gateway software solutions. These platforms are already held to PCI compliance standards, which means your sales are covered when you use their platform.
|
TIP: Find the best payment gateway software for your needs.
|
The requirements that the PCI SSC set forth for vendors to follow as known as the PCI DSS. They are comprised of 12 compliance points and anyone who is looking to stay compliant with PCI standards needs to follow them.
It’s not enough to just say you’re following PCI compliance. Every company is required to complete an annual PCI compliance validation check. This shows that you’re following the requirements as they are written and not jeopardizing any client data.
There are several steps to completing a PCI compliance validation. Lucky for you, we’ve put together a handy checklist to make it easier.
 |
A common misconception about PCI compliance is that it’s required by law. It’s not.
You might think that means that PCI compliance is optional, but that’s not the case. Because all of the major credit card companies have decided PCI compliance is required, it’s almost impossible to operate a business and ignore it.
|
So, what happens if you ignore PCI compliance?
|
PCI compliance violation fines can range anywhere from $5,000 to $100,000 a month depending on the severity of the breach.
You can’t ignore PCI compliance away. Either you adhere to the requirements or continue to get slapped with hefty fines and stricter rules. Instead, find the right way to stay compliant.
|
Interested in staying complaint in other aspects of your business? Learn how G2 Track can help.
|
Businesses have their own internal governance system – and I’m going to explain how it works.
by Lauren Pope
Complaining about compliance won’t get you anywhere.
by Lauren Pope
The concept of “building credit” can feel kind of elusive.
by Grace Pinegar
