What are PCI Requirements, and Should I be Worried?
Large and small businesses with merchant accounts online care about the security of their customers’ information. This isn’t only a matter of good will: a business can face liability if credit card information is stolen from its servers. Identity theft that results from a merchant’s failure to meet the basic internet security standards for its website, known as the PCI requirements, may become the financial responsibility of that merchant.
Businesses may wonder which security standards actually apply to them. Those standards are the PCI requirements, or payment card industry requirements. Knowing what the PCI requirements are and how they affect a business is essential in the 21st-century online marketplace. Businesses with merchant accounts online need to know how to keep their customers safe, especially since doing so helps keep the business safe as well.
What are the PCI Requirements?
PCI requirements aren’t official law on the books, and failing to follow them carries no criminal penalty. PCI requirements are guidelines determined by the credit card companies (e.g., MasterCard and Visa) to keep eCommerce transactions secure by protecting both consumers and businesses from faulty systems and fraud.
Firewall security standards make up one of the tenets of PCI requirements. While many merchant account providers offer firewall services to protect consumers’ sensitive financial information, not all of them necessarily offer it in basic packages, so it’s worth asking about.
There are some easy ways to make a network more secure that will keep servers safe and compliant with PCI requirements. One of the easiest things a business can do is change the default passwords on its merchant accounts online to make it harder for attackers to get in. Generating original, complex passwords and keeping them secret from everyone except essential personnel is an easy first step toward PCI compliance.
Cardholder data should not be stored on company servers, because stored data is data that can be stolen in a breach. Restricting server access and encrypting transactions so that customers’ PINs stay hidden while funds are being transferred are necessary steps for any business that plans to integrate eCommerce into its infrastructure.
PCI compliance is not legally mandatory, but the consequences of non-compliance can be severe. Failure to comply may result in fines imposed by the merchant’s payment processor, and it may lead to a messy identity fraud situation or a loss of consumer trust, either of which can be far worse than a fine.
The Takeaway
Compliance with PCI requirements is a necessary safety measure for any business with merchant accounts online, protecting both its customers and the business itself. Compliance includes, among other things, minimum firewall protection, encrypted transactions, and restricted server access.
For assistance with complying with the PCI requirements, or to sign up for a merchant account, visit Charge.com or call (888) 924-2743.