Editor’s note: This article is provided for your information by Veracity Payment Solutions, provider of the American Rental Association (ARA)-endorsed Merchant Services Program. Veracity works with Sysnet Global Solutions on PCI compliance issues and can be an expert resource for your company. For questions about PCI, you can call Veracity at 888-599-2209.
Technology in the payments industry continues to evolve at breakneck speed. As advances are made, so are ways to attack databases that can cause serious breaches — wreaking havoc for credit card holders and the businesses they frequent. While large corporations have upped their security measures with vast resources, small and mid-sized businesses that underestimate either their vulnerability to attack or the value of maintaining basic safety measures such as PCI have become fraudsters’ newest targets.
Increasing the level of awareness for merchants on security issues is one important step toward reducing vulnerability, but in order to truly protect a business from potential fraud, maintaining yearly PCI compliance is fundamental. Not only that, it is required by card brands in order for a business to accept payments with their cards.
The Payment Card Industry Security Standards Council (PCI SSC) was founded in 2006 by five global payment brands: American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa. The council framed a set of guidelines to ensure credit card transactions are handled safely and securely, protecting cardholder data at every step in the transaction process.
PCI Data Security Standards (PCI DSS) must be met yearly by every merchant who processes credit/debit card transactions. Regardless of the method of payment acceptance at your business — in person, over the phone, e-commerce or via a virtual point-of-sale solution — businesses processing credit/debit card payments must be PCI compliant. There can be penalties assessed to your business for non-compliance.
The percentage of businesses that operate without maintaining PCI compliance is alarming. It is like operating your PC without anti-malware software. Even though a computer brand has done its best to protect us from system vulnerabilities, every year we update Norton, McAfee or other programs to help protect us against viruses or breaches. It should be the same with processing systems. Credit card information must be protected at the highest possible levels and PCI compliance is an integral part of that.
Check with your processor to ensure you are up-to-date on PCI DSS. Your processing partner should:
- Educate, explain and clarify the PCI DSS requirements.
- Ensure you understand PCI DSS and your responsibilities.
- Prompt you to move along the path to compliance.
- Provide step-by-step assistance with the self-assessment questionnaire (SAQ).
- Ensure you have properly achieved PCI validation/compliance.
- Assist in maintaining compliance at all times.
During this era of advanced technology where data breach attempts are common, do all you can to protect your business and be sure that your processor has the same goal. Check with your processor to ensure that your business is PCI compliant.