If you’re trying to set up a secure merchant account on your business’s website, you may have heard of PCI law and you may be wondering the all-important question: is PCI compliance mandatory? Luckily for you, PCI “law” isn’t official law so much as it is a list of guidelines for websites to follow to keep their customers secure.
However, even though the federal government doesn’t enforce PCI regulations as law, you can still be held accountable in many ways for failing to comply with them. Read on to learn a little more about the potential situations that could impact your business concerning PCI law and how to make sure you stay compliant.
What is PCI law?
Before you ask, “is PCI compliance mandatory?” you need to understand what PCI law is in the first place. PCI law refers to certain security protections that websites with any payment processing component are expected to have. These include both those that your payment system vendor supplies you and those that you are responsible for yourself.
Remember that even if you think your vendor is responsible for a service to make your site PCI compliant, you will ultimately pay the price if it’s not there.
For instance, firewall configurations that keep cardholder data secure as it’s processed through your payment vendor may be provided by your vendor or you may need to install them yourself. The protections your vendor offers by default may or may not be enough. Even though you have a secure merchant account, identity thieves are getting better every day at stealing customers’ payment information so it pays to be careful.
Change your default settings
Even as you’re wondering to what extent PCI compliance is mandatory, it’s a good idea to also consider how to make your secure merchant account as safe as possible.
One of the easiest things you can do to achieve this is to make sure to change the defaults on your vendor’s system. This means that your secure merchant account may not be secure until you do a little personalization.
For instance, the passwords and security features may not be secure at their default settings. A default password is one of the easiest things to hack, after all. Generate strong passwords that only you have access to in order to keep your secure merchant account safe.
You should also keep close tabs on who has access to your company network. You can assign other users but you should take the time to customize their access so that you know exactly what information they have access to, and remember that your business is responsible for the actions of its employees and contractors.
Creating a secure merchant account comes with the responsibility to process customers’ payment information, which includes handling their personal data. Businesses can be held responsible if identity theft or fraud occurs as a result of not securing websites in compliance with this PCI requirements.
That means that if your business has an online store component and you’re asking, “Is PCI compliance mandatory?” then you should know that the answer is technically, “no.” But you should run your business as though the answer is “yes.”
Call Charge.com at (888) 924-2743 to view your merchant account options.