Understanding PCI compliance and basic requirements is essential for any business who wants to accept credit cards or debit cards as a form of payment, especially those with high risk merchant accounts.
What Does PCI Stand For?
PCI stands for Payment Card Industry, it’s the first part of the full acronym PCI DSS. The DSS portion stands for Data Security Standard . Altogether, this is the set of rules that keep card data secure so consumers can feel confident making transactions with credit and debit cards.
What Is The Meaning of PCI Compliance?
PCI compliance means your company follows the standards in place to protect cardholder data. These standards are set by the PCI Security Standards Council . This group was created in 2006 when card brands combined to refine the systems in place for security and protection.
The Council makes the guidelines that businesses need to follow in order to obtain the compliant status. It’s the card brands like Visa, American Express, and Mastercard that ultimately enforce these regulations so people and businesses can trust their purchasing methods and online transactions.
Who Is Required To Be PCI Compliant?
All companies that read, transmit or store cardholder data are required to be PCI compliant . If not, you will be charged from $10 – $100 per month.
Third-Party Processors
Organizations who use third party payments operators should still maintain PCI compliance. This is because they still have essential customer information passing through their payment channels.
Recurring Billing
Any company that uses recurring billing as a payment model has customer card information stored. This makes them an excellent candidate for storage security precautions provided by PCI compliance regulations particularly for subscription merchant account holders.
Merchant Levels
There are four tiers when it comes to regulating cardholder security; they are based on size and number of transactions .
Level 1: A merchant who processes over six million transactions per year
Level 2: A merchant who processes one to six million transactions per year
Level 3: A merchant who processes twenty thousand to one million transactions per year
Level 4: A merchant who processes fewer than twenty thousand transactions per year
How Do You Become PCI Compliant?
In order to become officially PCI compliant you need to follow certain procedures and pass quarterly security tests. This can be in the form of a self assessment or an audit run by a certified administration. In addition you can find PCI software that shows you each step you have to take to gain certification and provides a baseline of practical measures to ensure your customer’s credit card data is safe.
Here are a few categories that your company will need to review in order to pass the certification.
- Data Storage – All customer data and payment information must be secure and not accessible by malicious or fraud-seeking entities.
- Transmission of Data – Your website and payment gateway store certain pieces of customer information. You’ll need to ensure this is secure and properly up to standard.
- Website Security – How vulnerable is information on your website. If hackers take over your site, they can extract transaction information and walk away with huge data breach intel.
Self Assessment Questionnaire (SAQ)
The self-assessment questionnaire is your first step to validate your compliance
Complete the instructions in order and send it to your acquirer to review.