If you accept credit card payments in your business, then this concerns you — The Payment Card Industry Data Security Standard (PCI DSS) also known as PCI Compliance.
EVERY business that processes, stores or transmits credit card information is subject to PCI DSS. You are expected to safeguard and protect credit card information.
Here’s a high-level rundown:
- PCI was originally launched by the major credit card brands in 2006 to strengthen protections for credit card issuers and set standards on protecting credit card information by merchants and businesses.
- PCI Compliance has grown into a set of requirements that now applies to all businesses that accept credit card payments, regardless of size.
- PCI is not a federal law, but a set of standards created by the major credit card brands. Some states have enacted PCI-like legislation, so it would be prudent to check state regulations as well.
- PCI is administered by the Payment Card Industry Security Standards Council.
- As a business, you will fall into one of four (4) Merchant Levels depending on your annual credit card volume. Each Level has a set of compliance standards that must be passed in order to be considered compliant.
- If you suffer an attack in which credit card information was compromised, your business may be escalated to a higher Merchant Level requiring more stringent controls.
- Your Merchant Bank may require you to become PCI Compliant since they will bear the brunt of penalties for non-compliance from credit card issuers.
- If a data breach occurs, heavy fines and penalties can be levied by banks and service providers to non-compliant businesses. It is extremely important that you review your Merchant Account Agreement which should outline your exposure in the event of a data breach.
- If you accept credit card payments for your business, it is important for you to learn more about PCI Compliance and what is involved. For more information go to the PCI Security Council website and PCIComplainceGiude.org.
IT security, no matter the size of the organization, is extremely important to businesses and their clients. IT Security is not a luxury; it is a requirement to conducting business. Clients expect you to protect their information.
Although PCI Compliance is not federal law, the agreements and contracts you have with credit card issuers, payment gateways, and banks may provide for stiff penalties that can rack up significant financial losses and legal fees should a data breach occur and information is stolen.
If you would like to discuss the IT security of your business, call XSolutions, a PCI Compliant company, at 845-362-9675.