The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment. Essentially any merchant that has a Merchant ID (MID) needs to be PCI Compliant.
PCI compliance involves 4 different validation ratings. These ratings depend on the merchant category your company falls into, based on the number of transactions made per year:
- More than 6,000,000 transactions per year
- From 150,000 to 6,000,000 transactions per year
- From 20,000 to 150,000 transactions per year
- Less than 20,000 transactions per year
There are six categories of PCI standards that must be met in order for a retailer to be deemed compliant:
- Maintain a secure network
- Protect cardholder data
- Maintain a vulnerability management program
- Implement Strong Access Control Measures
- Regularly monitor and test networks
- Maintain an information security policy
It is important to remember that if a business is not PCI compliant, credit card brands can take different actions that include fines (up to $100,000 per month), or revoking your ability to process transactions. You can also be placed in the Visa/MasterCard Terminated Merchant File, making you ineligible to obtain another merchant account for several years.
If your company does not store, transmit or process credit card data, but accept credit cards through a payment gateway or external provider, it is imperative to validate if your providers are PCI compliant. By outsourcing your credit card transaction processes, the PCI requirements fall directly to your partner, who assumes the costs and the obligation of meeting the standards. Nevertheless, if your partner fails to ensure the security of your customers, your company’s brand name will also get seriously damaged due to customer dissatisfaction.
To get more information about PCI Compliance, please visit https://www.pcisecuritystandards.org/
