What Exactly Is PCI Compliance?

PCI compliance is a set of rules and regulations that apply to any business, of any size, that accepts credit card data. For a business to be compliant requires a specific set of safety protocols designed to protect both the business and its customers from fraudulent activity.

In essence, the major card brands have created a system to verify that you’re meeting pre-set security standards to be compliant. These standards are updated regularly, to help merchants mitigate potentially unsafe card practices. By becoming compliant, you’re ensuring that your business is staying as protected (as much as possible) from fraud, and accepting credit cards in the manner that Visa/MC/Discover/Amex deem safe and appropriate.

What Does PCI Stand For?

Well, it is actually PCI DDS, which stands for Payment Card Industry Data Security Standard. This standard was set by the five largest credit companies to help in the fight against credit card fraud. While there is no such thing as PCI certification, any business who handles any aspect of credit card information will have to prove that they meet PCI requirements.

Being PCI compliant means your business is abiding by data security standards established by the Payment Card Industry Security Standards Council, and verified as such. This council was formed by Visa, Mastercard, Discover, American Express and JCB International, and the standards are designed to help merchants safely secure, store, process, and handle sensitive customer data. All businesses that accept credit cards are subject to these standards.

What Are These Requirements?

That’s an important question to ask! There are four different levels based on a business’ annual transaction volume. It’s important to know which level your business falls under, and to meet the requirements listed. Failing to do so leaves merchants at risk for data breaches, which could end up costing them fines and card replacement fees, as well as audits, investigations into their business, and heavy damage to their brand name. Since PCI DDS requirements can vary based on your annual transaction value, it is important to know what you have to do to ensure your business is compliant. Information on this can be found at the PCI DDS website.

Becoming compliant and staying compliant is pretty simple. Your business will be required to go through an annual Self-Assessment Questionnaire to determine any potentially unsafe practices. Certain organizations may have additional requirements to become compliant based on their processing methods. Once you sign up with Dharma, we’ll provide you online access to your PCI compliance portal, so that you can ensure your business completes all proper requirements.