The Payment Card Industry (PCI) was established to provide a universal set of security standards to protect sensitive consumer information, such as credit card numbers and account passwords. When we talk about PCI Compliance, we are actually referring to the PCI DSS, or Payment Card Industry Data Security Standard. The DSS is a set of requirements that every merchant who accepts credit card payments needs to meet in order to be compliant and protect their customers’ data. If you are looking to strengthen your payment security and learn more about PCI Compliance, there are a few fundamentals every business owner should know.
- There are four merchant levels of security
Merchants have different PCI requirements depending on their level. In summary, the bigger the business and the more credit card data it handles, the higher the security risk, and therefore the higher the level of security and PCI Compliance required. Levels 3 and 4 are the bottom tier and are for merchants who process fewer than 20 000 transactions per annum (Level 4) or under 1 000 000 transactions per annum (Level 3). Level 2 merchants, who process between 1 000 000 and 6 000 000 transactions annually, have slightly higher PCI requirements, while Level 1 merchants, who process over 6 000 000 transactions per year, have the strictest requirements in order to remain PCI Compliant.
- You are responsible for ensuring that your business and your vendors are PCI Compliant
If you process any kind of card transaction, even if it is just one, you are expected to be PCI compliant, and the onus is on you to ensure that you are. Furthermore, you are also considered responsible for the compliance of any vendor you use in your business, including software providers and third-party credit card processors. If you or one of your vendors is non-compliant, you could potentially be penalized.
- Businesses are required to use multi-factor authentication
As of February 2018, merchants are required to use multi-factor authentication for system administration and any activity that involves access to a Cardholder Data Environment. This update to the PCI DSS is a response to the increased cybersecurity threats arising from weak passwords and single-factor authentication. Multi-factor authentication helps ensure that the handling of card data and sensitive information is kept secure, especially for remote access systems.
- PCI Compliance is not difficult
PCI compliance might seem like a minefield of technical terminology and complicated stipulations, but in practice it is not difficult to follow at all. There are a host of technologies and systems available to help businesses reduce their risk of credit card fraud and abuse and remain PCI compliant. Some payment security features that help you become more compliant include credit card tokenization, P2PE (point-to-point encryption), and fraud management filters.
- It’s an ongoing process
An important thing to bear in mind about PCI compliance is that it is not static. The standards for PCI compliance are continually updated to address new technologies and threats, and business owners should follow suit with their security measures. For more information on PCI compliance, or to sign up for a merchant account, please call (888) 924-2743 or go to Charge.com.