For retailers that accept debit and credit cards, getting slapped with PCI non-compliance fines is unpleasant, to say the least. But companies that decide paying a monthly non-compliance fee is better than taking the effort to become compliant, they are opening themselves up to data breaches and potential lawsuits that could come out of a high-profile breach. That certainly hurts a lot more than becoming compliant in the first place.
As a business owner, you should make sure you understand PCI standards. Every business that stores, processes, or transmits credit card information is required to follow these standards in order to avoid hefty fines and penalties.
Overview of PCI Compliance
Simply put, PCI compliance standards serve the purpose of ensuring merchants securely handle the credit card data of their customers to help protect your customers’ sensitive financial information. When retailers fail to comply with the standards enforced by the PCI Standards Council, this makes it easy for hackers to steal credit card data and make fraudulent purchases or commit identity theft.
An in-depth study of PCI-DSS compliance found that retail organizations have the lowest levels of PCI compliance when compared to all other industries, while the IT industry demonstrated the highest level of full compliance. This analysis also found that 77% of companies that experienced a data breach were not in compliance with the PCI expectation that companies will install and configure a firewall and follow up with regular maintenance. Though that trend might be on the decline, demonstrated by the year-over-year increase in the number of businesses maintaining 100% PCI compliance.
Analyze Your Current Level of Compliance
PCI non-compliance fees vary based on the merchant services provider responsible for the account, since you provider typically charges you a monthly fee until your account is compliant. In order to avoid costly fines, you should look at where you stand with different standards of compliance.
Your first step is to find out your merchant level, which is determined by the number of transactions you process during a certain period of time. It’s important to note that you could have different merchant levels between credit card companies—for example, Visa and MasterCard have different criteria for assigning levels.
Once you know your merchant level, you can then pinpoint the different PCI validation requirements that apply to your business. For most businesses, staying compliant with PCI standards requires building and maintaining a secure network, protecting cardholder data, maintaining a vulnerability management program, implementing strong access control measures, regularly monitoring and testing networks, and maintaining an information security policy.
To help you take a serious look at your current level of compliance and determine which areas of your business need improvement with payment security, you can fill out this self-assessment questionnaire (SAQ). Then, be sure to fill out a formal attestation of compliance and any other appropriate paperwork—like SAQ and other requested documents—to prove your compliance.
As a jump start to becoming compliant, the PCI Security Standards Council has identified a few quick steps to security:
- Only use approved PIN entry devices
- Only use validated payment software
- Don’t store any sensitive cardholder data in computers or on paper.
- Use a firewall on your network and PCs
- Make sure your wireless router is password-protected and uses encryption
- Use strong passwords and change default passwords on hardware and software
- Regularly check PIN entry devices and PCs to make sure no one installed rogue software or “skimming” devices.
- Teach your employees about security and protecting cardholder data.
- Follow the PCI Data Security Standard
Choose a Merchant Services Provider that is PCI Compliant
Always contact your payment processor to verify their own PCI compliance. Working with the right merchant services provider can help you achieve and maintain full PCI compliance, while saving you time and preventing unnecessary PCI non-compliance fees.
As an industry-trusted leader, we help businesses quickly and easily process secure transactions while following full PCI compliance. Our free equipment can be tailored to meet your company's exact needs, and we even offer next day funding options. Contact BankCard Services today to learn more about how we can help you maintain a PCI-compliant merchant services account.