When people say PCI, they’re usually referring to one of two things. They either mean the Payment Card Industry DSS (Digital Security Standards), or the PCI Council, which is the regulatory body that developed those standards. This council isn’t a punitive authority. It doesn’t issue any actual certificates, and it doesn’t fine you if you don’t abide by its recommendations. However, its terms are seen as virtually mandatory, to the extent that Visa refuses to operate outside them. As a result, if your business isn’t PCI compliant, Visa won’t work with you, in the sense that any Visa payments to or from your business may be rejected.
This refusal to process transactions happens at the network level, not the customer level. So while your customer might happily swipe their card in your store, the transaction simply won’t go through.
Assessing PCI compliance
To be deemed compliant, entities have to establish and maintain protocols in six areas, and each one is subdivided. Here are the 6 PCI directives:
- Build a secure network and maintain it.
- Install a strong firewall and keep it up to date.
- Change all default passwords and reset customized security measures.
- Protect the data of your card holders.
- Keep customer data secure.
- Encrypt all data transfers.
- Establish and maintain a program that gauges and shields against vulnerability.
- Install anti-virus software and update it frequently.
- Initiate secure processes and systems.
- Identify and implement strong measures of access control.
- Restrict physical and virtual access.
- Give every user a unique log-in.
- Monitor and test your networks regularly.
- Check who has access to card data and resources.
- Test your processes and systems.
- Put together and maintain a policy on information security.
- Develop and regularly update a written document that covers every level of your personnel.
As a business, your role is to work with a company that will assist you with PCI compliance. You can also test your corporate security levels against PCI by looking through the list yourself and adjusting your business practices to match their standards. You can also assess yourself by filling out a PCI Self-assessment Questionnaire, available as a free download.
For more information on knowing whether your business meets PCI standards, or to sign up for a merchant account, please call (888) 924-2743 or go to Charge.com.