If you own a business and accept credit cards as a form of payment, you had better have an understanding of what PCI compliance is and take measures to ensure you meet or exceed industry standards. Being PCI compliant is essential not only to protect your customers, but to protect your business as well. Here is a closer look at what you need to know about PCI compliance:
What Exactly Is PCI Compliance?
PCI compliance is a list of standards set forth by the credit card industry that merchants need to follow. Even though compliance is not technically mandatory, if you are not in compliance your right to accept credit cards as a form of payment from your customers can be revoked.
PCI compliance is a method for making sure that all companies that process credit cards use the same security practices when processing, storing and transmitting credit card data online, in order to protect consumers, the credit card companies, and your business.
What Steps Do You Need To Take To Ensure PCI Compliance?
Depending on the sales volume of your eCommerce website and the number of transactions you complete on a yearly basis, your company will fall into one of four compliance categories. If you are unsure of what category you fall in, you should check with your merchant account provider to find out. While each level has its own specific standards you must meet, general compliance requirements for all companies regardless of transaction volume include the following:
- Your business must design and maintain a secure network or networks so that data transmitted during a credit card transaction is not compromised, and you must make sure that any data you collect from such transactions is stored securely. You will need to use a variety of tools such as encryption, non-public networks, firewalls, etc.
- You must have in place a means of monitoring and testing your processing and data storage systems on a regular basis to ensure that they always remain secure. Checks should include making sure you update your software when needed and replace hardware as the testing requires.
- You will need to make sure that stored data is not accessible to your entire employee base, as you never know when a disgruntled employee might cause a security breach.
- Any employees who do have access to data and who help maintain data security need to be properly trained to minimize errors and help prevent accidental security breaches.
What Are The Consequences Of Not Being Compliant?
Not being PCI compliant can have dire consequences. In the worst case, you may lose your merchant account privileges and be unable to accept credit cards as a form of payment. This could be detrimental to your business and even put you out of business completely! Other issues you may have to deal with if you are not compliant include security breaches, fines, lawsuits against your company, and insurance claims.