What does PCI Compliance mean in Credit Card Processing?
Have you ever heard the term PCI compliant and wondered what it means? Okay, it’s not a term you come across every day. Perhaps you’ve been speaking with a credit card processing company and heard the merchant account agent mention it.
As it sounds, it has to do with being in check, or in good standing. But with what, why, and with whom?
PCI Compliance is also known as PCI DSS, or Payment Card Industry Data Security Standard. PCI DSS originated with 5 separate security and compliance programs put in place by 5 major credit card associations. Each program was intended to offer an added level of protection for credit card issuers by requiring merchants (or businesses) that accept credit cards to adhere to specific security guidelines when storing, processing and transmitting customer credit card data.
In 2004, these five companies meshed their programs together and created the Payment Card Industry Security Standards Council (PCI SSC). Since its creation, the new PCI Standards have been updated several times in order to meet changes in the industry and in some cases, to clarify specific points.
PCI Data Security Standards Requirements
There are 6 “control objectives” with a total of 12 requirements that merchants must comply with:
Why PCI Compliance?
After reading (or skimming) those requirements above, it’s pretty evident that the sole purpose of PCI Compliance is to ensure that merchants take every precaution to prevent customer credit card information from being stolen and credit card fraud from occurring.
Who Must Comply?
All businesses that are set up to take payments via a merchant account (credit card processing services) must follow the PCI DSS requirements.
PCI DSS compliance is not mandated under federal law in the United States, but merchants that choose not to comply will be subject to penalties and/or may have their merchant account terminated.
Some states have enacted their own laws relating to PCI DSS. Minnesota’s law prohibits the retention of credit card information by merchants, and Nevada and Washington have laws in place shielding merchants from liability if a security breach were to happen.
While it’s important for all merchants to follow the PCI DSS compliance requirements, it’s extremely important for online merchants to not only follow those requirements, but also to always be wary of credit card fraud.
Most credit card fraud occurs with online credit card transactions (known as card-not-present transactions). In these transactions, it is more difficult for a merchant to verify that the actual cardholder has authorized the transaction.
Opening a Business?
If you’re starting a business and plan on setting up credit card processing services, your merchant account provider may or may not spend a lot of time going over these requirements. Yet it’s critical to know and practice them.
It goes without saying that as a business owner with products or services for sale, your customers are the lifeblood of your business. Your customers deserve to have the integrity of their information protected. Whether your store is online or in a brick-and-mortar location, go the extra mile to ensure you are always PCI DSS compliant.
If you have questions relating to PCI DSS compliance or credit card processing in general, give us a call at The Transaction Group. We’d be happy to help.