If your business accepts credit and debit cards, do you know about the security risks? Are you properly protecting your business from the potential of tens of thousands of dollars in fines? And are you protecting your customers from fraud?
Credit and debit cards are easy and convenient, and accepting them has been proven to increase revenue by as much as 30 percent. They offer many benefits, both to your business and to your customers. But accepting credit and debit cards comes with security risks, and there are major financial penalties if your security isn’t up to industry standards.
The easiest way to be sure you’re protecting both your business and your customers is to ensure that your business is PCI compliant.
What is PCI Compliance?
The Payment Card Industry (PCI) security standards are technical and operational requirements set by the PCI Security Standards Council (PCI SSC) to protect cardholder data. The standards apply to all businesses that store, process or transmit cardholder data. Therefore, if you are a merchant that accepts payment cards, online or offline, the size of your business will determine the specific compliance requirement that must be met.
The Four Levels of PCI Compliance
All businesses fall into one of the four merchant levels based on the aggregate number of Visa / MasterCard transactions they process over a 12-month period.
Satisfying PCI Requirements as a Level 4 Merchant
Most small businesses are Level 4 merchants. To satisfy the requirements of PCI, a Level 4 merchant must complete the following four steps:
- Identify your validation type as defined by PCI DSS. This is used to determine which self-assessment questionnaire is appropriate for your business.
- Complete the Self-Assessment Questionnaire. Follow the instructions in the Self-Assessment Questionnaire instructions and guidelines.
- Complete and obtain evidence of a passing vulnerability scan with a PCI SSC Approved Scanning Vendor (ASV). Scanning only applies to merchants with externally-facing IP addresses. If your business electronically stores cardholder information or if your processing systems have any internet connectivity then you must obtain a vulnerability scan.
- Complete the relevant attestation of compliance (located in the SAQ tool).
Failure to Comply
PCI compliance applies to all organizations or merchants—regardless of size or number of transactions–that accept, transmit or store any cardholder data. There are a number of fines and penalties for non-compliance that range from $20/month up to $100,000 if there is a data security breach. Additionally, your account may face increased transaction fees or even be terminated by the acquiring bank.
Don’t let credit card thieves derail your business plans. Take the time now to secure your credit card transactions and make your business PCI compliant.
It’s the best gift you can give your business this year.
Kurt C. Metzler is the Senior Vice President of Strategic Development at iPayment, a payment processing provider.
