PCI stands for “Payment Card Industry”, and you will usually see it as PCI DSS, the “Payment Card Industry Data Security Standard”. It is the set of security requirements that we, as business owners, must meet when handling card data. If your business accepts credit or debit card transactions and stores, processes or transmits cardholder data, you are required to be PCI compliant. The standard is maintained by the PCI Security Standards Council (PCI SSC), which was founded by the major card brands: Mastercard, American Express, Visa, JCB, and Discover.
Why do I need to be compliant?
If you read or watch the news, you’ll see that credit card fraud and data breaches have caused billions of dollars in losses for businesses. In the second quarter of 2018 alone (April, May, and June), breaches affected 765 million people, with losses running into the tens of millions of dollars, according to the digital security firm Positive Technologies.
As a business owner it’s vital your payment transactions are safe and secure.
With all the new ways to sell today, from eCommerce and online shopping to social media, fraudsters have more means and methods to commit fraud than ever. Suppose you accept a payment made with a stolen card. When the real cardholder disputes the charge, it comes back to you as a chargeback: you are liable for refunding the amount charged to the cardholder, and your merchant account provider will usually add a chargeback fee on top.
Not only are you losing money on the chargeback, but it doesn’t look good for your company if you aren’t processing secure transactions, and that in turn can cost you customers.
Fees
There are two kinds of fees you can be hit with. The first comes from your processor, which will usually charge a PCI non-compliance fee, monthly or annually, while your business is not compliant with the PCI DSS requirements. This fee typically ranges from $10 to as high as $100 a month. The second comes from the card brands if you are non-compliant and that leads to a security incident or breach; that is usually a single large fine, assessed through your acquiring bank, and it can come on top of the cost of the breach itself.
To see whether your processor is charging you a non-compliance fee, look for it as a line item on your monthly statement. To avoid these fees you need to become PCI compliant. For most small merchants this is straightforward: you complete a brief Self-Assessment Questionnaire (SAQ) through your processor once a year, and, if your setup requires it, pass quarterly vulnerability scans.
Next steps to be PCI compliant
- Determine your merchant level. There are four levels (1 through 4), and you do not choose one; your acquiring bank and the card brands assign it based on your annual transaction volume and how you accept cards. The level determines how much validation is required: Level 1 merchants need an on-site assessment by a Qualified Security Assessor, while Levels 2 through 4 can generally validate with a self-assessment.
- Identify the right Self-Assessment Questionnaire. There is only one standard, PCI DSS, but there are several SAQ types, and which one applies depends on how you take payments (for example, fully outsourced eCommerce, standalone dial-out terminals, or a payment application on a networked PC). Your processor can help you pick the appropriate questionnaire; once you know which one applies, work through it and answer every question.
- Check whether you need a vulnerability scan. If any system that handles card data is reachable from the internet, such as an eCommerce website or a payment terminal connected over IP, you must pass an external vulnerability scan every quarter. The scan has to be performed by a PCI SSC Approved Scanning Vendor (ASV), who tests your internet-facing systems for known weaknesses. Note: not every business needs this. A merchant whose terminals dial out over a phone line, or whose card entry is fully hosted by a third party, usually does not, so double-check with your processor whether it applies to you.
- Complete and sign the Attestation of Compliance (AOC), which is normally bundled with the SAQ. This is your formal statement that you meet the requirements of the SAQ you completed.
- Submit the package to your acquiring bank or processor: the completed SAQ, the signed AOC, a passing ASV scan report if a scan was required, and any other supporting evidence they ask for. Keep copies, since you will repeat this cycle every year.
These standards are part and parcel of running a business, so complying with them is essential. If you are new to PCI or would like to learn more, you can give RedFynn a call at (888) 510-9871. We love to help businesses avoid unwanted losses, and help you become even more profitable.