Is Your Business PCI Compliant?
Protect your business and customers from card fraud by completing PCI compliance.

The Benefits Of PCI Compliance
Every business that takes credit cards as a form of payment should do what is necessary to keep its customers’ data secure. To achieve this goal, there are certain requirements all companies should follow. The Payment Card Industry Data Security Standard (PCI DSS) outlines these important security standards. Any merchant who has a Merchant ID (MID) is responsible for securely storing and transmitting customer credit card information and for maintaining it in a safe and secure environment.
Notification
When there has been a data breach concerning a company’s credit card information, the company will be notified. Breach notification laws were enacted in 2003 in California, and currently there are over 37 states that have these types of laws in place. This notification will be sent to the merchant and all parties that have been affected by the data breach. The merchant will be responsible for taking steps to resolve the problem and prevent it from happening in the future.
Compliance
Compliance with PCI standards identifies a company as an organization with a safe and secure credit card processing system. Should a business not be in compliance with PCI standards, it could be fined by the organization that processes its credit card transactions if a data breach occurs. Should a business experience a data breach in which credit card information is stolen, it will be fined and charged fees by the bank, credit card brand, and others.
Advantages
Compliance with PCI helps a merchant’s reputation and builds trust. It gives customers, payment brands, acquirers and any other organization with whom the company conducts business a reason to believe in its ability to process credit card transactions safely. It is an evolving process, and the PCI Security Standards Council is always busy monitoring threats to data security. They provide a way for a merchant to effectively address any new data security threats as quickly as they are detected.
Obtaining PCI Compliance
All merchants are assigned merchant levels based on their credit card transactions during the period of a year. This transaction level includes prepaid credit cards as well as credit and debit cards. A small to medium-sized company is considered a level 4 merchant. To satisfy PCI requirements, a merchant at this level must complete a Self Assessment Questionnaire (SAQ). The merchant must then pass a vulnerability scan with PCI. This is a system scan that is done by an automated tool. The tool will examine the merchant’s system for any sign of data breach vulnerabilities. The completed SAQ and proof of passing a vulnerability scan must be submitted along with any other requested documentation. Once PCI compliant, a business will have to undergo a vulnerability scan quarterly.
Security Measures
A merchant must maintain a firewall configuration that is designed to protect cardholder information. A network support specialist can help your business be compliant. A PCI compliant merchant will provide layers of defense to secure data. This involves virtual as well as physical security. Customer data must be properly encrypted and protected from a system intruder. Regularly updated anti-virus software must be used. Access to customer credit card data must be restricted. A merchant must also regularly monitor and test all processes designed to prevent a data security breach and more.
Non-Compliance
There is no legal requirement for a merchant to follow PCI. It is a security standard developed by major credit card brands. A merchant who does not follow PCI standards could face card replacement costs, forensic audits and more if a data breach does occur at their place of business. When a merchant is compliant with PCI, they greatly reduce their risk of experiencing such consequences.