The payment industry is complex, and business owners need more than the basics to manage a merchant account effectively. It's also important to keep up to date with the latest regulations from compliance agencies, and to understand how rulings impact your merchant account.
What Is the PCI Security Standards Council and What Do They Do?
The PCI Security Standards Council was formed in 2006 by five major payment brands including American Express, Discover Financial, JCB, Mastercard International and Visa Inc. They create a standard body and security framework for how to protect cardholder data based on its transmission, whether it's processed, stored or just transmitted over a network. In addition, they create security programs to protect cardholder data.
The council felt that a set of rules and industry-accepted best practices would make things easier for merchants and offer additional data and financial protections. Each individual payment type still has a specific compliance program, but the PCI Council offers merchants an opportunity to voice their opinions and ideas about those requirements and how they comply directly with merchant or payment banks.
What Do Merchants Need to Know?
Each business model has different security and compliance requirements. For example, if a merchant outsources all processing to a third party, the third party must demonstrate compliance with the merchant bank, and merchants then have a limited scope of operation.
However, if a merchant develops their own applications for online credit card processing and manages their own network to transfer sensitive data, they are obligated to work within stricter PCI Data Security Standards.
The PCI Council offers a list of approved commercial products to reduce compliance efforts, and merchants should check the list to be sure their programs meet Payment Application Data Security Standards. This saves merchants time and the headache of spending money to retrofit applications for compliance.
Most importantly, merchants must always think about data security. It makes sense to outsource to a service provider with a security skill set and a fundamental understanding of the payment process. This saves time and money, and avoids the need to create a dedicated IT department.