PCI Compliance is a huge hassle put in place by credit card companies solely to annoy merchants. Right?
Wrong. The truth is, PCI Compliance wasn’t created to get in your way—it actually helps your business process payments with ease. PCI Compliance is a security standard required by all businesses that handle, process or store credit cards. Created in response to the increasing number of security breaches, the Payment Card Industry Data Security Standard (PCI DSS) ensures that all merchants maintain secure processing practices.
Why Do I Need to Become Compliant?
You just have to. In order to make any credit card transactions, your business will need to become PCI Compliant—no exceptions, no bribes. That being said, you can still send us delicious treats if you think it will help.
No business is too big or too small to be the victim of a security breach. National brands like Bank of America and LexisNexis have both been hit with hefty fines and fees for not having the proper security in place. If a non-compliant merchant is breached, they can face up to $500,000 in fines, in addition to potential customer lawsuits, damage to company reputation, remediation costs and in some cases the end of your business altogether.
In addition, some card associations will threaten to fine merchants up to $25,000 per month until they become compliant. The bottom line: the cost of becoming compliant is far lower than the costs your business will face if breached.
PCI Compliance: From Risky to Ready in 12 Steps
So you’re ready to get compliant—good call. They say admitting it is the first step. Now here are 12 other steps to take on your journey to becoming PCI Compliant. But don’t think of them as steps, think of it as the leisurely escalator ride to secure payments processing.
Becoming PCI Compliant involves having the following 12 security measures in place:
1. Install and maintain a firewall to protect data
2. Do not use vendor-supplied defaults for system passwords and other security parameters
3. Protect stored data
4. Encrypt transmission of cardholder data and sensitive information across public networks
5. Use and regularly update anti-virus software
6. Develop and maintain secure systems and applications
7. Restrict access to data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
12. Maintain a policy that addresses information security
Let’s Get Compliant
In addition to following the PCI 12-step plan, you will need to determine your business’s merchant level. Don’t worry; we’ll walk you through it. There are four levels of merchant accounts, determined by annual transaction volume, and the PCI Compliance requirements vary with each level. Each merchant will be required to complete annual security assessments and vulnerability scans of their network. Assuming you’re processing correctly, this involves simply answering about 20 yes-or-no questions about the way you do business.
Level 1: Merchants with more than six million transactions annually across all channels, including ecommerce. For Level 1 merchants, annual onsite PCI Data Security Assessment and quarterly network scans are required.
Level 2: Merchants processing 1,000,000 to 5,999,999 transactions annually
Level 3: Merchants processing 20,000 to 1,000,000 ecommerce transactions annually
For Level 2 and Level 3 merchants, annual self-assessment and quarterly network scans are required.
Level 4: Merchants with fewer than 20,000 ecommerce transactions annually. Level 4 merchants are required to complete an annual self-assessment and an annual network scan.
Let’s review. PCI Compliance is necessary, mandatory, and essentially put in place to protect YOUR business. And the best part is, becoming compliant is way easier than it sounds. It starts with a questionnaire, and ends with PCI fee-free processing.
Think of PCI Compliance as a safety net for you and your customers. You probably won’t fall, but you’ll sure be glad it’s there if you do. Don’t hesitate to call the team at Arrow Payments if you have any questions about PCI Compliance, non-compliance fees, merchant accounts, or where to send those delicious treats to.
Arrow Payments provides a Simply Better solution for processing payments online. Have a question? Tweet Antonia at @ArrowPayments