A brief introduction to PCI Compliance, and why as a merchant it is important to always be compliant.
PCI compliance is a set of rules and regulations that apply to any business, of any size, that accepts credit card data. Being compliant requires a business to follow a specific set of security protocols designed to protect both the business and its customers from fraudulent activity.
In essence, the major card brands have created a system to verify that you’re meeting pre-set security standards. These standards are updated regularly to help merchants mitigate potentially unsafe card-handling practices. By becoming compliant, you’re ensuring that your business is as protected from fraud as possible, and that you are accepting credit cards in the manner that Visa/MC/Discover/Amex deem safe and appropriate.
What Does PCI Stand For?
Well, it is actually PCI DSS, which stands for Payment Card Industry Data Security Standard. This standard was set by the five largest credit card companies to help in the fight against credit card fraud. While there is no such thing as PCI certification, any business that handles any aspect of credit card information will have to prove that it meets PCI requirements.
Being PCI compliant means your business is abiding by data security standards established by the Payment Card Industry Security Standards Council, and verified as such. This council was formed by Visa, Mastercard, Discover, American Express and JCB International, and the standards are designed to help merchants safely secure, store, process, and handle sensitive customer data. All businesses that accept credit cards are subject to these standards.
What Are These Requirements?
That’s an important question to ask! There are four different levels based on a business’s annual transaction volume. It’s important to know which level your business falls under, and to meet the requirements listed for that level. Failing to do so leaves merchants at risk of data breaches, which could end up costing them fines and card replacement fees, as well as audits, investigations into their business, and heavy damage to their brand name. Since PCI DSS requirements vary based on your annual transaction volume, it is important to know what you have to do to ensure your business is compliant. Information on this can be found at the PCI DSS website.
Becoming compliant and staying compliant is pretty simple. Your business will be required to go through an annual Self-Assessment Questionnaire to determine any potentially unsafe practices. Certain organizations may have additional requirements to become compliant based on their processing methods. Once you sign up with Dharma, we’ll provide you online access to your PCI compliance portal, so that you can ensure your business completes all proper requirements.
Do I have to be compliant?
Yes. All merchants who accept credit cards are required to become PCI compliant by the card associations. If your organization chooses not to become compliant, the organization will be subject to a monthly non-compliance fee of $39.95. In addition, any fines/fees related to a data breach would be the responsibility of the merchant! One of the big advantages to being PCI Compliant is that you can ensure you’re following all appropriate card brand regulations. By skipping PCI compliance, you may miss out on learning of some costly mistakes.
Is there a Compliance Fee?
Dharma does not charge extra for PCI, but you are required to complete the Self-Assessment Questionnaire (SAQ) and web scanning. Web scanning is required per PCI Compliance regulations for any merchant processing over an Internet (IP) connection – so this will impact online/virtual merchants, and any merchant who connects their credit card terminal to an ethernet (IP) connection. Dharma partners with both ControlScan and Trustwave to offer PCI Compliance to our merchants, and included with ControlScan’s services is a $100,000 data breach insurance plan to help protect you financially in the event of an attack.
All merchants are required to go through an annual PCI compliance questionnaire. This questionnaire is very easy and typically only takes about 10 minutes to complete. We have live representatives who are happy to assist with this step! Should your account not be PCI Compliant, we do have a $39.95/month non-compliance fee. We don’t want to see you paying this and will actively assist in ensuring you’re PCI compliant.