The views expressed in this article are those of the author and may not reflect those of Confessions of the Professions.
PCI Compliance FAQs
You may have heard the term PCI compliance while considering how to accept customer credit and debit cards as a method of payment, but if you're not entirely sure what PCI compliance entails, you're not the only one.
Here are some frequently asked questions about PCI compliance and how it applies to your business.
What is PCI compliance? PCI is an acronym for "payment card industry." PCI compliance refers to a set of standards created in 2006 by the Payment Card Industry Security Standards Council (PCI SSC), an independent body made up of representatives from the major brands in transaction processing, including Visa, MasterCard, American Express, Discover and JCB. The standards were devised to ensure that any organization that handles sensitive payment information maintains the highest level of security throughout transaction processing.
Is it illegal to not be PCI compliant? You are not legally required to be PCI compliant to process debit and credit card payments, but you expose your customers and your business to significant risk if you're not. In fact, according to PCIComplianceGuide.org, if you are found not to be PCI compliant and a breach occurs, your business could be subject to thousands of dollars in fines and fees, and potentially to lawsuits, depending on the nature and severity of the breach.
What is sensitive data? Sensitive data technically refers to a customer's 16-digit account number (PAN, or personal account number), and/or a full PAN together with the customer's name, expiration date and service code, as well as the data on a card's magnetic stripe, security codes and PINs. Under the PCI SSC's standards, a business must protect all of these to be PCI compliant.
What size does my business have to be to require PCI compliance? Any business that accepts credit or debit cards must be PCI compliant. As the experts at PCIComplianceGuide.org explain, breaches often hit small merchants and home-based businesses, because attackers see them as the "path of least resistance" in terms of security.
That said, PCI compliance assigns particular standards based on the volume of transactions your business processes over a year. Many small- to medium-sized businesses fall into "Level 4," which applies to merchants that process fewer than 20,000 Visa e-commerce transactions in that time, or up to 1 million Visa transactions in any other sales channel.
Download: BluePay PCI Compliance Ebook
About the Author
Kristen Gramigna is Chief Marketing Officer for BluePay, a credit card processing firm. She has more than 20 years' experience in the bankcard industry in sales management, marketing and direct sales. Follow her on Twitter at @BluePay_CMO.