What Does “PCI-Compliant” Mean?
If you have spent any time looking for credit card processing companies, you have probably seen the term “PCI-compliant” floating around. But, what does PCI-compliant mean, and what does it mean for your business? More importantly, why should you work with a credit card company that is PCI-compliant?
In short, any company that takes credit card payments is required to abide by certain security measures. Companies that abide by these agreed-upon standards are called “PCI-compliant.” In other words, a PCI-compliant processing company has met certain security benchmark standards for the gathering, transmission, encryption, and proliferation of credit card information.
The point of PCI-compliance is to ensure that credit card processing companies are handling financial information in a secure and responsible manner. Companies that are PCI-compliant can be counted on to handle information securely.
Who Makes PCI Standards?
Payment Card Industry Data Security Standards (PCI DSS) are created by the PCI Security Standards Council, an independent organization formed by major credit card companies such as Visa, MasterCard, American Express, and Discover. PCI DSS is a set of standards launched back in 2006 to make sure credit card companies were maintaining a secure environment for information transfer.
PCI DSS includes a set of guidelines meant to direct the process of handling information. PCI DSS contains 6 major requirements, which are:
- Maintain a secure network
- Protect customer data
- Create a vulnerability management program
- Implement control measures
- Monitor and test networks
- Maintain a secure information policy
Along with these 6 major requirements, PCI DSS contains 12 explicit requirements which include the use of firewalls, password protection, encryptions, and unique IDs, among other things. The most recent version of PCI DSS standards is version 3.2.1 which was released in May 2018.
Additionally, PCI-compliance standards can differ slightly depending on the type of company and what kind of financial information they handle. For example, encryption requirements on cardholder data only apply to companies that actually store cardholder data.
What Happens If a Company is Not PCI-Compliant?
Any company that deals with credit card payments or other online payments must abide by PCI-standards when conducting operations. Furthers, companies are required to continually update their security practices in light of new threats to cardholder security.
If a company is found to not be PCI-compliant, they can incur heavy fines or may lose certain liability protections in the case that their data is breached and customer info stolen. If a data breach occurs and a company is not PCI-compliant, then it may be forced to pay penalties and fines.
PCI non-compliance also looks bad for company brands. Customers are much less likely to work with a company if their data protection practices do not meet a certain level of security. Non-PCI compliance can cost you sales and customers, frustrate day-to-day operations, and lead to lawsuits, insurance claims, and government fines.
If you are interested in learning more about PCI-compliance and credit card processing, give us a call at (888) 942-2743 or visit our website at Charge.com.