All your credit card processing equipment, hardware and software, must meet the 12 requirements outlined in the Payment Card Industry Data Security Standard (PCI DSS) as well as the Payment Application Best Practices (PABP).
Noncompliance puts you at risk of a data security breach, in which customers’ credit card information or other sensitive information can be stolen or compromised. This will not only result in your customers losing trust in your business, but it could also result in fines ranging up to $100,000. Either way, the consequences to your business could be dire.
How do I know if my hardware is PCI compliant?
You can find out if your hardware and software are PCI compliant by having a PCI scan conducted on all your credit card processing equipment. PCI scanning checks all your operating systems, networks, devices and software for vulnerabilities that could result in a data security breach.
Authentication scanning is another means of ensuring that your customers’ sensitive data is secure. Anyone using your network potentially has access to your backend systems and databases where sensitive data is stored. Authentication scanning searches for vulnerabilities in protocols that block users from accessing information. Some important security measures tested are:
- Username and password
- Security credentials
- Authentication methods
Do I need to do this only once?
Once you have been certified PCI compliant, you have to maintain compliance. Depending on the system you run, you may have to be approved quarterly or annually. To maintain compliance, you must protect:
- Your network: the operating system that you use for credit card processing
- Your terminal: the device you use to take credit card payments
- Your software: the credit card processing program that accepts credit card payments
All card processing equipment is vulnerable to data breaches.
If you have signed up with a merchant credit card processing service that is not PCI compliant, and there is a data security breach on any of your transactions, you are not off the hook! Fraudulent transactions will be charged back to your account, you could be fined, and your customers may not come back. On top of that, your merchant account could be suspended, and you won’t be able to accept credit card payments anymore. Just think of all the hassle and money lost!
It is your responsibility to make sure that your card processing service provider is PCI compliant. Ignorance is not an excuse, and you have every right to ask for proof.
That is why signing up with a card processing service provider that takes PCI compliance seriously is vital. If you sign up with a responsible processor, you will know that they are PCI compliant because they will tell you so via their website, blog posts and call center, and they will make PCI compliance a priority when you first sign up.
Don’t risk your business’s success or reputation. For more information on PCI compliance of hardware and software, or to sign up for a merchant account, please call (888) 924-2743 or go to Charge.com.