What Does PCI Stand For?: A Merchant’s Guide
If you accept credit cards, then odds are that you have heard of PCI compliance. Or at the very least, you may have noticed a PCI fee on your merchant statement.
Nevertheless, PCI is a vital component of the payments industry. As a result, it is in your best interest to understand what it is & how it affects your business. It may surprise you that PCI affects just about everybody involved in credit card processing:
Your bank, the manufacturer of your POS system, your payment processor, card associations, and cardholder banks.
All of these parties comply with PCI requirements in order to keep your credit card information safe.
You see, every time you swipe a credit or debit card, someone has to process, store, or transmit credit card data to the financial institutions involved.
For this reason, the security standard PCI DSS exists.
What Does PCI Stand For?
PCI is the shortened version of the acronym PCI DSS, which stands for Payment Card Industry Data Security Standard. Since nobody likes saying acronyms longer than 4 letters, most individuals just say/write PCI for short.
However, by saying PCI, you are referring to the Payment Card Industry Data Security Standard, which is essentially a set of guidelines that seek to protect merchant account data & prevent its misuse.
Who Or What Is PCI?
Under the umbrella that is PCI is the PCI Security Standards Council, an international forum that was formed in 2006 by major card associations: American Express, Discover, JCB International, MasterCard & Visa Inc.
The council is essentially an entity that sets the standard for data security in the payments industry and outlines the requirements for PCI compliance.
PCI Compliance: Rules & Guidelines
PCI compliance is adherence to the guidelines outlined by the PCI Security Standards Council.
Although the general guidelines and requirements are more or less the same for all business types, they vary depending on how you accept credit cards.
For example, an eCommerce business accepts credit cards through an online gateway, whereas a retail business accepts credit cards in-person. Since both businesses accept credit cards in different ways, the security requirements for those businesses are also different.
Nevertheless, the PCI council outlines the following Quick Steps to Security on their website:
- Buy and use only approved PIN entry devices at your points-of-sale.
- Buy and use only validated payment software at your POS or website shopping cart.
- Do not store any sensitive cardholder data in computers or on paper.
- Use a firewall on your network and PCs.
- Make sure your wireless router is password-protected and uses encryption.
- Use strong passwords. Be sure to change default passwords on hardware and software – most are unsafe.
- Regularly check PIN entry devices and PCs to make sure no one has installed rogue software or “skimming” devices.
- Teach your employees about security and protecting cardholder data.
- Follow the PCI Data Security Standard.
At this point, you may be asking yourself who is required to follow the guidelines offered by the PCI council.
The answer is anyone who deals with electronic card transactions. That means merchants, payment processors, banks, payments software & hardware vendors and developers.
How To Officially Become PCI Compliant
Becoming PCI compliant requires the completion of an online self-assessment questionnaire (SAQ). The assessment helps merchants determine whether or not they are handling cardholder data in a safe manner.
As explained, the contents of your self-assessment will depend on how you accept credit cards. For example, the requirements for a business that accepts credit cards over the phone will be different than those for a business that takes payment in-person.
Furthermore, your processing volume determines whether or not you need to report compliance to the standards council (PCI SSC).
The PCI council requires that all businesses are PCI compliant at all times. However, reporting that you’re PCI compliant is not required for some businesses.
Here are the reporting requirements that the PCI council outlines:
- Over 6 million transactions per year – quarterly network security scan and an on-site annual security audit
- 150,000 to 6 million – complete the self-assessment questionnaire annually
- 20,000 to 150,000 – perform a self-assessment questionnaire every year, along with a quarterly scan performed by an approved scanning vendor
- Less than 20,000 – maintain compliance at all times, formal reporting through self-assessment questionnaire not required
Does PCI Compliance Cost Anything?
Officially, no. However, some processors pass on a compliance fee to merchants due to having to pay fees to stay compliant themselves.
But keep in mind that the PCI Security Standards Council does not charge merchants a fee for taking the self-assessment or maintaining PCI compliance themselves.
Nevertheless, understanding the fees on your merchant statement is important for you. We recommend reviewing your merchant statement each month to ensure that you are not overpaying for payment processing.
Now that you understand what PCI stands for, gain a better understanding of payment processing fees & how you can cut costs by reading our full guide to understanding your merchant statement.
As explained, the major card brands formed the PCI council. Therefore, if you fail to maintain PCI compliance, then you could be banned from accepting their cards.
Aside from losing the ability to process transactions, you could also incur substantial fines if your negligent misuse of cardholder data results in a data breach that places your customers at risk.
However, most of these dangers are at the payment technology level. Obviously, it is still important that you are always handling cardholder data safely. As such, I strongly recommend that you don’t keep any written records of cardholder information.
Nevertheless, it is equally important that you use a payment solution that is committed to PCI compliance.
We ourselves follow PCI guidelines. And due to the sheer volume of credit card transactions that our payment gateway processes, we are required to participate in quarterly network scans & on-site visits.
But we are happy to do it as it keeps our clients safe.
How We Can Help
If you’re currently being charged for PCI compliance or any other “mystery fees”, then ask about our subscription-based pricing model, which offers you unlimited payment processing, all for one monthly fee.
To learn how you can get a free Clover payments device & unlimited payment processing, learn about our all in one payment & local marketing packages.