When you begin exploring your options for merchant accounts, you have to learn a whole new vocabulary. Some terms are more straightforward than others, though. One thing that many business owners find confusing is PCI compliance. While it may seem complex, it’s important to understand just what the term means and how it affects payment gateway providers.
What Is PCI?
PCI is the shortened form of PCI DSS, which stands for Payment Card Industry Data Security Standard. It’s a set of security requirements developed by a group called the Payment Card Industry Security Standards Council back in 2006. The council was formed to establish a single, industry-wide set of security standards, and it drew on input from the five major credit card companies: JCB, Visa, MasterCard, Discover and American Express.
The PCI DSS standard is organized into 12 key requirements.
What Does PCI Compliant Mean?
When a company is “PCI compliant,” it means that it processes, stores and transmits cardholder data in a way that meets all of the requirements set forth by the PCI DSS guidelines.
Why Does It Matter if I Am PCI Compliant?
Many people believe that PCI compliance is required by law; however, except in a few states that have adopted the PCI DSS as part of their consumer protection laws, it is not. You won’t go to jail for not being PCI compliant, but that doesn’t mean that there are no consequences.
For one thing, you could be fined by any of the credit card companies whose cards you accept through your merchant account. The size of the fine varies, but it can be quite large if a data breach occurred that resulted in significant financial losses.
More importantly, your business’ reputation could be hurt. The whole purpose of PCI compliance is to take steps to improve the security of customers’ financial data. While it’s still possible that your system could be hacked even if you’re compliant, if you don’t adhere to the best practices established by the guidelines, you’re at a much greater risk.
Studies have found that 60 percent of small businesses that suffer data breaches involving customer credit card numbers are out of business within 6 months to a year. The reason is a loss of confidence. When word gets out that the company’s systems are not secure, its reputation is damaged, and it can be hard for a small company to ever rebound. With so much riding on your brand image, it’s not worth the risk, especially when you consider that being PCI compliant does not require much work for merchants.
How Can I Make Sure That I Am PCI Compliant?
Much of PCI compliance is the responsibility of the payment gateway or merchant services provider that you choose. The best thing that you can do to ensure PCI compliance is to choose a provider that meets all of the standards set forth by PCI DSS and install antivirus software on your computers.
You should also develop policies and procedures that safeguard your customers’ credit card information. Only employees who need to know the information should have access to it, and each member of your team who has access should have a unique, password-protected account or ID rather than a shared login. Also, you should make sure that your data is kept safe by storing it in an off-site data center that is PCI compliant.
Merchant Stronghold offers merchant accounts through a payment gateway that is fully PCI compliant and allows businesses to accept electronic payments anywhere. For more information about our services, please contact us today.