Payment Card Industry (PCI)
The payment card industry or PCI refers to the credit, debit, pre-paid, e-purse, POS and ATM card industry and associated companies.
The organizations who make up this industry store, process and transmit everyone’s credit or debit card information.
There are specific security standards which have been developed for this process of retrieving and using the card holder’s information and every business who processes payments must be compliant with these standards.
It’s very important you understand what PCI is and what its primary functions are. You, along with every other business seeking to process payments, won’t be able to function properly without risk of heavy fines if you are not PCI compliant.
It doesn’t matter what size your business is or how many transactions you process, if you run a business who accepts, stores, or transmits cardholders’ data via a POS system or online payments through a virtual POS, PCI compliance is required.
The reason for this is to keep your customers’ and your information safe. An SSL encryption is used to transfer and process the payments which helps keep the transfer of information safe.
If you aren’t PCI compliant, you will be charged fines by the credit processing entity you use. Considering how tight money already is for most small businesses, your business could probably afford to NOT pay these fines.
There are 4 levels of PCI compliance every merchant is categorized within.
The first level includes any merchant, regardless of acceptance channel, who processes over 6M Visa transactions per 12-month period.
The second is any merchant, regardless of acceptance channel, who processes 1-6M Visa transactions per year.
Third is any merchant who processes 20K to 1M Visa transactions per year.
The fourth is any merchant who processes fewer than 20K Visa transactions per year and also any merchant, regardless of acceptance channel, who processes up to 1M Visa transactions per year.
An acceptance channel could be simply a physical POS system. This is just one example of an acceptance channel. An acceptance channel is any device, physical or virtual, used to accept credit and debit cards.
The security standards your business must adhere to are called the Payment Card Industry Data Security Standards (PCI/DSS) and are used throughout the entire credit card industry.
Up until 2015 credit cards have used the magnetic stripe on them to store and transmit data to the credit card processor for approval.
Although this has been the standard for credit cards in the United States for decades, the new standard is called EMV and it processes transactions via a tiny chip built into the card. Because of this transition to chip cards, the PCI compliance standards have changed along with it.
These cards come equipped with enhanced security features, but can still be susceptible to fraud. The DSS security standards does its best to address these security threats as best as possible.
The Payment Card Industry’s Security Standards Council is in charge of the ongoing evolution of PCI/DSS. It was started in 2006 and consists of all the major players in the credit card industry, including AmEx, Discover, JCB (Japan Credit Bureau), Mastercard, and Visa.
While you don’t need to remember all the specifics about the Payment Card Industry and its origins (we think it’s as boring as you do), it is important you make sure your business is PCI compliant!
You will be levied some serious fines if you don’t make sure you have become compliant to these standards.
Remember, it doesn’t matter if you run a gas station out in the middle of the country or you run an online store out of your home. If you are accepting customers’ credit card information, storing it, and using it to process card payments, you must make sure your business is PCI compliant!
We would hate to see you incur heavy fines and possibly be hindered in your business efforts because you weren’t aware of this requirement.
Your customers depend on you to provide them with the goods, services, and merchandise they have come to love from you/your business. Do yourself and them a favor and get up to speed on PCI compliance!
There is plenty of information online to help you be informed and help you make sure your business is 100% compliant. But here’s a nifty PCI compliance checklist we created for you.
Or, even better, call us here at RedFynn and speak to one of our compliance experts. We have all of the answers to all of your payment card industry questions.
Talk with you soon! (888) 510-9871