The Payment Card Industry Data Security Standard, better known as PCI, is something that shows up on most merchants’ monthly statements, but few merchants are clear on what PCI is all about. Whether you take payments via a terminal, over your website, or even through phone or mail order, keeping your business and your customers safe is the number one priority of PCI DSS.
Defining PCI: The PCI Data Security Standards are the policies and regulations governing how card transactions are conducted and how card data is stored, in order to keep cardholders and merchants safe.
These regulations are especially important for you as the business owner, because they help prevent the misuse of your customers’ credit card information and therefore reduce the risk of fraudulent transactions, chargebacks or disputes.
What Is PCI?
So what exactly is PCI? There are two main priorities when it comes to PCI:
Helping merchants and financial institutions understand and implement standards for security policies, technologies and ongoing processes that protect their payment systems from breaches and theft of cardholder data.
Helping vendors understand and implement standards for creating secure payment solutions.
Policies like storing cardholder data only through a secure, tokenized system, or settling your batch of transactions regularly, are all part of how PCI keeps you and your customers safe.
The standards that are relevant to your business depend on how you take payments. For example, if you take payments on a wireless machine, it’s important to use a password-protected wireless network. When taking payments through your website, you need to protect card information behind strong firewalls.
Some policies are much more basic: if you process cards that aren’t physically presented at your business, you shouldn’t be writing cardholder information down on a piece of paper and leaving it on a desk.
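To make the “tokenized system” policy above concrete, here is an added illustration (not Paytek’s code and not anything published by the PCI Security Standards Council) of what tokenization means in practice: the full card number is swapped for a random token held by the provider, and the merchant keeps only the token and a masked number. The in-memory VAULT dictionary, the tok_ prefix, the function names and the test card number are all constructed for this example; a real provider’s vault lives outside the merchant’s systems entirely.

```python
import re
import secrets

# Constructed stand-in for the tokenization provider's secure vault.
# In practice this mapping exists only at the provider, never at the merchant.
VAULT = {}

# Any run of 13-19 digits standing on its own is treated as a possible card number.
PAN_RE = re.compile(r"\b\d{13,19}\b")


def normalize_pan(pan: str) -> str:
    """Strip spaces and dashes and check the result is a plausible card-number length."""
    digits = re.sub(r"[\s-]", "", pan)
    if not digits.isdigit() or not 13 <= len(digits) <= 19:
        raise ValueError("not a plausible card number")
    return digits


def mask_pan(digits: str) -> str:
    """Keep only the last four digits, which is all a merchant record or receipt needs to show."""
    return "*" * (len(digits) - 4) + digits[-4:]


def tokenize(pan: str) -> dict:
    """Provider side: exchange a card number for a random token.

    Only the token and the masked number are returned to the merchant.
    """
    digits = normalize_pan(pan)
    token = "tok_" + secrets.token_hex(16)  # unpredictable, carries no card information
    VAULT[token] = digits
    return {"token": token, "masked_pan": mask_pan(digits)}


def detokenize(token: str) -> str:
    """Provider side only: recover the card number to run a charge. The merchant never calls this."""
    return VAULT[token]


def merchant_record(customer: str, tokenized: dict) -> dict:
    """What the merchant is allowed to keep: a token and a masked number, never the full card number."""
    return {
        "customer": customer,
        "card_token": tokenized["token"],
        "card_display": tokenized["masked_pan"],
    }


def redact_pans(text: str) -> str:
    """Replace any card-number-looking digit run in free text (logs, notes, tickets) with its masked form."""
    return PAN_RE.sub(lambda m: mask_pan(m.group(0)), text)


def record_is_clean(record: dict) -> bool:
    """Check that no value in a stored record contains a full card number."""
    return not any(PAN_RE.search(str(value)) for value in record.values())


if __name__ == "__main__":
    # 4111 1111 1111 1111 is a widely used constructed test number, not a real card.
    tokenized = tokenize("4111 1111 1111 1111")
    record = merchant_record("customer-42", tokenized)
    print(record, "clean" if record_is_clean(record) else "CONTAINS A CARD NUMBER")
    print(redact_pans("order 42 card 4111111111111111 approved"))
```

The point of the split is that the merchant side (merchant_record, redact_pans, record_is_clean) never handles the full number after the initial exchange, so a breach of the merchant’s own database, logs or notes exposes only tokens that are useless without the provider’s vault.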
How Does PCI Impact Your Business?
Most payment providers will ensure that the machine or software you use is up to the latest security standards, and will also ensure that you as the merchant are protected in case a breach does occur.
PCI may appear to be just another fee on your statement, but this fee is also accompanied by a PCI Questionnaire that most merchants must participate in once a year. Most providers have their own PCI Assessment Tool, and will send out a reminder once a year.
If you are PCI non-compliant, your business is more at risk of a security breach, and your customer data could become compromised. This means it’s very important to complete your PCI annual assessment, and choose a provider that will keep your business safe.
What Do I Need To Do About PCI?
When it comes to PCI, there isn’t too much you need to do. It’s a basic, three-step process:
Understand how you are taking card payments and how your customers’ information is being used and stored in your business. Make sure there are no vulnerabilities.
If there are any weak points, update your processes or your technologies to ensure cardholder information is always safe and that you are always protected.
Make sure that you complete any relevant assessments with your provider or the card brands based on the analysis you’ve done, and keep your business secure.
Becoming and staying PCI compliant is actually very simple. All you need to do is make sure you aren’t storing cardholder data without a proper system, and that you keep these processes, systems and machines up to date.
If you have questions about compliance, you should always ask your provider. You can learn more about specific policies here.
What Is This PCI Fee All About?
Most providers will charge a fee for PCI DSS on monthly statements. PCI fees come directly from the PCI Security Standards Council, rather than your provider. These fees are related to the internal costs of maintaining compliance, security audit costs, and fines for breaches and non-compliance.
When these fees are passed on to you from your provider, they may offer some additional service or benefit to you. They may also mark up your PCI Fees on your statements.
You may see PCI listed on your statement under a different name, like “Security Fee”, “Regulatory Fee”, or “Fraud Tools”.
In some cases, paying your PCI fee to your provider gives you the added benefit of being insured against fraudulent activity that may happen on the account. For example, customers who process with us are covered between $150,000 and $250,000 per breached card when PCI Compliant!
Those who process with Paytek also get assistance in completing their annual PCI questionnaire if they should need it. We use Safe-T Security, which is the top tier of protection in card processing, and makes your questionnaire process much simpler.
PCI refers to the security standards and regulations associated with taking card payments; it’s really important that you as a business owner keep your customers’ data safe and keep your business secure.
Make sure to assess how you are taking payments, and that you never store cardholder data anywhere. Find a provider who can keep you safe and who offers added benefits for being PCI compliant.