PCI Compliance (PCI DSS)
Given the high volume of merchant account breaches and fraud, it is very important that you take the time required to protect yourself, your business and your customers.
What are the PCI Data Security Standards?
The Payment Card Industry Data Security Standards (PCI DSS) were created by the major credit card brands to protect cardholder data and reduce fraud. Every business that accepts payment cards using systems that store, transmit or process credit and debit card data must comply with the PCI DSS requirements if they are to continue accepting credit cards. Visit the PCI security standards council website at www.pcisecuritystandards.org for more information.
What actions do I need to take?
You should carefully consider the impact of compliance on your business. We highly recommend that you take all steps necessary to become and remain compliant.
1. Use a PA-DSS validated payment application.
2. Use up-to-date end-to-end encrypted (E2EE) hardware for your swiped transactions.
3. Complete and submit to your acquirer an annual self-assessment questionnaire (SAQ).
4. Perform ongoing quarterly scans of your computer(s) and internet connection using a PCI-SSC Approved Scanning Vendor (ASV).
How can I better prepare myself to become PCI compliant without too much hassle?
1. Have updated hardware if you are using a standalone terminal and be ready to accept EMV cards after Oct 2015.
2. Keep the software on your computers updated to the most current versions.
3. Use a trusted high quality firewall and anti-virus software program on all computers you use to accept payments.
4. Have an IT employee, contact or company that can assist you with any area you are unsure of regarding your own payment processing practices and technology.
What could happen if I don’t comply?
Key deadlines for businesses have already passed, so it is expected that all businesses that handle card data are meeting the requirements. If you are currently not compliant, your livelihood and the future growth of your business could be at risk. A security breach and compromise of payment card data can have long-lasting consequences.
1. Fines and penalties from the card brands with amounts starting at $10,000.00.
2. Loss of customers and your brand reputation.
3. Regulatory notification requirements.
4. Litigation costs incurred to defend your business.
5. Loss or suspension of merchant account processing.
What company or vendor should I use to become PCI Compliant?
Though there are many Approved Scanning Vendors, we use and refer merchants to Trustwave. They can be reached by calling 1-877-815-3414 or by email at [email protected].
If you are using another ASV, simply email a copy of your compliance certificate to your current credit card processor.
If you have any questions regarding PCI compliance, please feel free to email me or call me at 970-532-4831 or 303-588-6658.