Understanding PCI compliance and its basic requirements is essential for any business that wants to accept credit or debit cards as a form of payment.
PCI stands for Payment Card Industry; it is the first part of the full acronym PCI DSS, where DSS stands for Data Security Standard. Together, this is the set of rules that keeps card data secure so consumers can feel confident paying with credit and debit cards.
PCI compliance means your company follows the standards in place to protect cardholder data. These standards are set by the PCI Security Standards Council, a group created in 2006 when the card brands joined forces to refine the security and protection systems already in place.
The Council sets the guidelines that businesses must follow to obtain compliant status. It is the card brands, such as Visa, American Express, and Mastercard, that ultimately enforce these regulations so that people and businesses can trust their purchasing methods and online transactions.
All companies that read, transmit, or store cardholder data are required to be PCI compliant. If they are not, they will be charged $10 to $100 per month.
Organizations that use third-party payment processors should still maintain PCI compliance, because essential customer information still passes through their payment channels.
Any company that uses recurring billing as a payment model stores customer card information, which makes the storage security requirements of PCI compliance especially relevant to it.
There are four tiers for regulating cardholder security; a merchant's tier is based on its size and annual transaction volume.
Level 1: A merchant who processes over six million transactions per year
Level 2: A merchant who processes one to six million transactions per year
Level 3: A merchant who processes twenty thousand to one million transactions per year
Level 4: A merchant who processes fewer than twenty thousand transactions per year
To become officially PCI compliant you need to follow certain procedures and pass quarterly security tests. These can take the form of a self-assessment or an audit run by a certified assessor. In addition, PCI compliance software is available that walks you through each step required to gain certification and provides a baseline of practical measures to keep your customers' credit card data safe.
Here are a few of the categories your company will need to review in order to pass the certification.
The self-assessment questionnaire is your first step in validating your compliance.
Complete its instructions in order and send it to your acquirer for review.