Research shows that up to 30% of small business owners are unaware of PCI compliance. Worse still, these people don’t realize that non-compliance can potentially carry penalties.
What is PCI compliance?
PCI (or, more precisely, PCI DSS) stands for the Payment Card Industry Data Security Standard. It is the set of payment security standards that businesses follow to safely and securely accept, store, process and transmit cardholder data during a credit card transaction. (Cardholder data is your customers’ credit card information.)
If you have a merchant account with a merchant ID and you accept payment for goods and services by credit card, you must follow the PCI compliance regulations to protect your customers against data breaches and, ultimately, against fraud.
How do you know what the requirements are?
This is where partnering with a reputable merchant service provider is crucial. If you have the backing of a solid merchant service provider, they will explain all the ins and outs to you and keep you updated on changes to the PCI regulations.
PCI requirements are quite in-depth, and they range from establishing data security policies for your business and employees to regularly removing card data from your processing systems and payment terminals, among other things.
Card data includes sensitive information such as:
- The full primary account number
- The cardholder name
- The credit card service code
- The card expiration date
Although this might all sound complicated, your merchant service provider will explain and guide you through it all.
Where can data breaches happen?
Some data breaches are unintentional and others intentional. It’s important to remember, firstly, that although your intentions may be above board, you never know the true intentions of others, even your staff. Secondly, even if a data breach is unintentional, you can be held responsible: ignorance is not always an excuse!
There are common vulnerable points that you should eliminate from your business, but they are not the only ones, so you may wish to put some thought into the potential vulnerable points in your own business. Some examples are:
- Compromised card reader
- Payment system databases that are not secured
- Hidden cameras recording entry of authorization data
- An illegal tap into your wireless or wired network
- Printed or handwritten information left lying around or filed away
What are the consequences of non-compliance?
If your business is found to be non-compliant with PCI standards, you could be risking fines, card replacement costs, forensic audits and investigations, and brand damage.
For more information about PCI compliance, or to sign up for a merchant account, please call (888) 924-2743 or go to Charge.com.