What is PCI Compliance

Are you wondering… what is PCI compliance? Don’t worry—you’re not alone. If you’re a small business owner, PCI compliance is among the most important things you should know about. Why? Because it plays a major role in your business. In fact, if you’re in a business that caters to customers and accepts credit card and online payments, all the more reason you should know about this matter.

So, what is PCI compliance really all about? Well, let’s start at the beginning…

If you read the news, you’ll see that credit card fraud and data breaches have caused billions of dollars in losses for businesses. And you know what? These unscrupulous hackers and thieves are getting more sophisticated each day. What makes matters worse is that they’ve become even greedier. Yes, credit cards (as useful as they are) are now being used by criminals to steal money from people—including you, business owners. Here’s one more alarming fact: they’re getting our credit card information through the things we use quite often, such as emails, downloads and other means. Obviously, this problem has got to stop—fast. Otherwise, it could mean even bigger losses for businesses.

That’s how PCI standards and compliance came into place. PCI means Payment Credit Industry, which sets the credit payment standards that we, business owners, need to comply with. Enforcing the standards is the PCI council, which is composed of the biggest names in the credit card industry: American Express, Visa, JCB, Discover, and Mastercard. One of the main functions of PCI is to ensure that the standards for credit card payments evolve constantly, in order to address new threats as they arise. In other words, they help protect businesses and consumers from ongoing threats relating to credit card fraud and other related crimes.
And here’s the thing: as of October 1, 2015, all businesses that accept credit card payments are required to install EMV readers. Otherwise, if a business accepts payments from stolen or counterfeit credit cards (because it didn’t have EMV readers), it will be the one held liable for the losses. Yes, you’ll be the one bearing the brunt of credit card fraud if you do not have the needed security measures in place (before then, it would have been the bank that issued the card that paid for the losses). In addition, you might also be penalized with a fine.

Wait! There’s more to PCI compliance that you need to know…

All businesses that accept, store or even transmit data relating to credit cards are required to be PCI compliant. So, if your transactions involve credit cards (and we presume they do), then you need to make it a point to comply with PCI standards. Otherwise, you’ll take a big hit on your business, and you might end up losing money instead of earning it.

Yes—PCI compliance can be a pain. However, we can’t do away with it. These standards are part and parcel of running a business, and we have no choice but to comply.

Curious about the steps to take to be PCI compliant? Read on…
- Determine what level of compliance standards your business needs to follow. There are 4 levels to choose from, depending on the scope of your business, the size and other details. You can see those here.
- You will also need to fill out a Self-Assessment Questionnaire (which you can also do at the above website) in order to determine which particular PCI standard you should meet. There are online forms available which can help you find the appropriate questionnaire to use. Once you’ve determined which standard applies to you, just fill out the SAQ.
- Do you use scanners for your business? If so, then you might have to conduct a “vulnerability scan” to ensure that you’re complying with PCI standards. This vulnerability check will be done by a PCI SSC Approved Scanning Vendor, who will test the safety of your payment transactions. Note: not all businesses are required to do this, so you might want to double-check whether this requirement applies to you.
- You will then execute and submit a so-called Attestation of Compliance form, which is normally included in the SAQ.
- Submit all the necessary documents to the bank you belong to, including the SAQ, the Attestation of Compliance form, proof of passing the vulnerability scan, as well as other important documents and evidence.