Acronyms are often thrown around the office like softballs. But when you hear the words “PCI Compliance” you probably will want to pay attention – especially if you want to stay in business.
What you don’t know can hurt you
PCI Compliance, or Payment Card Industry Compliance, is a set of unified rules and guidelines created by the PCI Security Standards Council (PCI SSC) and enforced by the credit card brands (Visa, MasterCard, American Express, Discover and JCB). These are not “laws” but rather rules enforced by the credit card brands to protect cardholder data. Violations of these PCI rules and guidelines could result in potentially catastrophic fines that could cripple your company and brand. Additionally, you may be suspended from accepting credit cards, which is equally disastrous.
The PCI standard has 12 sections and 5 levels that determine the specific steps a business must take to ensure protection. There are understandably different requirements for a small business vs. a large chain restaurant or an internet retailer vs. a small retail chain. Specific requirements for each card brand may be found below.
- American Express: www.americanexpress.com/datasecurity
- Discover Financial Services: http://www.discovernetwork.com/merchants/fraud-protection
- JCB International: http://www.jcb-global.com/english/pci/index.html
- MasterCard Worldwide: http://www.mastercard.com/sdp
- Visa Inc: http://www.visa.com/cisp
- Visa Europe: http://www.visaeurope.com/ais
Are you vulnerable?
Depending on your classification level, an on-site assessment and a scan of your network and systems may be necessary. For smaller merchants, only a Self-Assessment Questionnaire (SAQ) must be completed; it will alert you to potential vulnerabilities and guide you through the steps that must be taken. Oftentimes, this questionnaire must be turned in to your credit card processor or bank as validation that you are PCI Compliant.
Bottom Line: If your business accepts credit cards, PCI Compliance applies to you and must be taken seriously. If you’re lost, confused, or just don’t understand – your credit card processor can help you with the process. It is in their best interest for you to continue accepting credit cards. Speak to them and ask for guidance, even if you have to politely remind them that YOU pay them.
“Plastic” has largely replaced Jacksons, Benjamins and Washingtons. Which is why it’s as important as ever to protect your business and your brand by being PCI Compliant. For more information, go to www.pcisecuritystandards.org.
Tyler Barron is an Applications Consultant with a retail business background at ITK Solutions Group. ITK Solutions Group is a retail-focused consulting firm specializing in enterprise resource planning (ERP) solutions.