What You Need to Know about PCI Compliance
If you’ve spent any time online, you’ve probably heard about identity theft, phishing, skimming, and other credit card scams. It’s something we all vaguely worry about, but most of us gloss over it as we continue to use our credit cards. And although it’s a valid concern, we’ve learned to live with it, because we’re not ready to give up our credit cards. From a business perspective though, you can’t afford to ignore it, because you’re not just responsible for your own bank account – you’re protecting your clients’ accounts, too.
The Payment Card Industry Council (often shortened to PCI) is a regulatory body that focuses on this exact challenge. The council has members from business interests, banks, credit card companies, and other stakeholders. Their mandate is to ensure credit card users (and their personal data) stay safe and secure as they transact. The council has put together a set of recommendations to ensure these card transactions are seamless and stress-free.
Getting on the list
Payment processors have to follow these recommendations if they want to be approved by PCI. The council doesn’t do the actual certification – they do it via QSA (Qualified Security Assessors). Also, the PCI doesn’t issue a physical certificate – or even a virtual one. When they deem you compliant, they simply add you to a list.
Ensuring compliance
Individual businesses who don’t follow PCI standards – may be subject to fines or extra fees from their payment processor. In order to qualify, there are twelve regulations that need to be observed.
These twelve regulations are subdivided into six categories. Some are fairly basic, like changing default passwords on devices. You should also have a separate user ID for everyone with POS (point of sale) access. This way, if anything does go wrong, you can follow up and see exactly who was responsible for the breach. You need to keep credit card access on a tight leash, protecting both the physical cards themselves and the digital data customers transmit. Have a security protocol in place, testing and reviewing it regularly to detect, resolve, and prevent data leaks. Activate strong firewalls and use superior encryption.
For more information on what you need to know about PCI compliance, or to sign up for a merchant account, please call (888) 924-2743 or go to Charge.com.