In this week’s blog, we discuss the importance of ensuring that both your business and your customers are protected when making transactions, by ensuring you are PCI Compliant when offering card payment services.
What is PCI Compliance?
PCI Compliance is a set of regulations aimed at those processing debit and credit card payments. The Payment Card Industry Data Security Standard (PCI DSS), launched in 2006, aims to provide a safe and secure trading environment via a universal standard. Managed by a selection of leading payment companies including Visa and Mastercard, collectively known as the Payment Card Industry Security Standards Council (PCI SSC), PCI has twelve requirements, which fall into six categories.
These cover areas such as the building and maintenance of a secure network, protection of cardholder data and monitoring of networks. While not actually a legal requirement, the benefits of becoming PCI compliant are so great that many see it as totally necessary.
How Does PCI Compliance Affect my Business?
Whatever the size of the business or organisation and the volume of transactions, PCI is applicable to anyone who accepts card payments, transmits any data or stores any information regarding that data. Different levels do apply, however, with merchants falling into one of four, based on the volume of transactions. Each level features different standards of compliance, designed to reflect the amount of risk the organisation may be subject to.
How will it benefit me if I am PCI compliant?
Not being PCI compliant, whilst not illegal, can seriously increase the risk to your business or company. Should a data breach occur, for instance, the bank provider you use could pass on any fines directly to you, and your business bank account may even be cancelled.
Bearing this in mind, a major benefit is that PCI compliance means your business can continue trading in confidence, something which can be passed on to the customer. Knowing that any data they have provided to you is as safe as possible will reassure potential clients and customers and enhance your reputation as a safe place to conduct transactions. The damage caused by an erosion of consumer trust can be deep-rooted and long-lasting. Showing that your business takes the trust your customers place in you seriously can be vital to the long-term future of trading. Being PCI compliant means you can prominently display these credentials as proof.
Meeting the measures stipulated by PCI also means that you are protecting yourself, both from any data breach and from the potential fines that can follow one. The measures are designed to protect merchants, so complying with them is the best way to gain peace of mind that you are doing all you can to protect yourself.
How can Card Cutters help you become PCI compliant?
Four steps are involved in the process, the first of which is determining what level of requirement you need to meet. Agents are on hand to assist with this and help your business accurately identify where it fits on the scale.
Following this, a Self-Assessment Questionnaire (SAQ) will need to be completed. These vary and are based on the ways in which you handle transactions. Again, Card Cutters are available to help with the completion of the questionnaire and with any questions you may have.
As part of PCI compliance, all merchants dealing with cardholder data are required to have external network vulnerability scans of their network or domain, which have to be undertaken by an Approved Scanning Vendor (ASV). These have to be done quarterly, with any vulnerabilities discovered tackled immediately. The final step is the validation of PCI compliance, followed by reporting the result to Card Cutters.