PCI Compliance: What It Is and Why Your Business Depends on It

The Payment Card Industry (PCI) Security Standards Council is an open forum of the five major global payment brands: Visa, MasterCard®, Discover® Financial Services, JCB International, and American Express®. It was established due to the huge amount of credit card data theft and fraud that was taking place in the credit card processing industry.

The PCI Security Standards Council develops, enhances, disseminates, and assists with the understanding of security standards for payment account security. The Council maintains, evolves, and promotes the Payment Card Industry Security Standards. It also provides critical tools needed for implementation of the standards such as assessment and scanning qualifications, self-assessment questionnaires, training and education, and product certification programs.

If your business accepts card payments and stores, processes, and transmits cardholder data, you should strongly consider becoming compliant with PCI’s standards. The argument for doing so is convincing. One security breach could cost you $100,000 or more, and 60 percent of customers who experience a breach go out of business within six months. Because hackers typically target vulnerable small and mid-sized businesses, the risk to most of these businesses is significant.

PCI compliance helps protect your business

Becoming compliant with these standards is a simple process. Once you are deemed compliant, your customers know that they can trust you, that you want their information to be safe. By becoming compliant, if you have a data breach, your processor will provide you with a liability policy to help cover any associated costs. A forensic audit that is done if a breach occurs costs $8,000-$20,000. This is in addition to a fine that is handed down from the credit card associations. If a breach occurs, you are also responsible to the customers whose information was stolen. The average cost for this is roughly $225 per credit card user. By being compliant, you have the backing of your processor to help you pay some of these costs. The amount of money provided depends upon the processor, but can be as much as $100,000.

When you decide to accept credit cards, it becomes your responsibility to ensure that both the customer’s card data and the credit card processing software are secure. This is why fines are issued to merchants when there is a security breach.

There are a couple of easy ways to protect your business in addition to being PCI compliant. First, limit the number of hands that touch credit card information by having just one or two people in your office handle transactions. Second, check the photo IDs of all customers that are present when you process payments. If transactions are processed over the internet, make sure you have a secure firewall or router in place with a complex password that only you know.

What if you don’t become PCI compliant?

What happens if you decide not to become PCI compliant? First, your processor typically charges you a non-compliance fee. Second, you are not protected if your data is breached. You are held responsible for all of the associated costs and fines. Ultimately, you stand just a 40-percent chance of recovery in the event of a security breach.