If you accept credit cards, then odds are that you have heard of PCI compliance. Or at the very least, you may have noticed a PCI fee on your merchant statement. Either way, it helps to know what PCI stands for, because it is a vital component of the payments industry that affects you, your bank, the manufacturer of your POS system or terminal, and your payment processor.
What Does PCI Stand For?
PCI is short for PCI DSS, which stands for Payment Card Industry Data Security Standard. Since nobody likes saying acronyms longer than four letters, most people just say or write PCI. What they mean is the Payment Card Industry Data Security Standard: a set of security requirements intended to protect cardholder data (the card number, expiration date, cardholder name and related data) and prevent its theft and misuse by anyone who stores, processes or transmits it.
Who Or What Is PCI?
Under the PCI umbrella is the PCI Security Standards Council (PCI SSC), an international forum formed in 2006 by American Express, Discover, JCB International, MasterCard and Visa. The council writes and maintains the standard and publishes the requirements against which PCI compliance is assessed. Note that the council itself does not enforce the standard: fines, merchant levels and deadlines come from the card brands and are applied through your acquiring bank and processor.
PCI Compliance: Rules & Guidelines
PCI compliance is adherence to the requirements published by the PCI Security Standards Council. Although the core requirements are the same for every business, how much of the standard applies to you, and which self-assessment questionnaire (SAQ) you fill out, depends on how your business accepts credit card payments. The council publishes several SAQs (such as SAQ A, A-EP, B, C and D), each matched to a way of accepting cards.
For example, an eCommerce business accepts credit cards through an online gateway, whereas a retail business accepts credit cards in person. Since the two businesses handle card data in different ways, the security requirements that apply to them are different: an online store that redirects customers to a payment page hosted entirely by its processor never touches card numbers and may qualify for the short SAQ A, while a retailer running its own POS system on its own network has far more of the standard in scope.
In any case, the PCI council outlines the following Quick Steps to Security on its website:
- Buy and use only approved PIN entry devices at your points-of-sale.
- Buy and use only validated payment software at your POS or website shopping cart.
- Do not store any sensitive cardholder data in computers or on paper.
- Use a firewall on your network and PCs.
- Make sure your wireless router is password-protected and uses encryption.
- Use strong passwords. Be sure to change default passwords on hardware and software – most are unsafe.
- Regularly check PIN entry devices and PCs to make sure no one has installed rogue software or “skimming” devices.
- Teach your employees about security and protecting cardholder data.
- Follow the PCI Data Security Standard.
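The step "Do not store any sensitive cardholder data in computers or on paper" is the one merchants most often fail by accident, because card numbers leak into application logs, debug output and exports. The following Python script is an added example (it is not from the original article or from the vendor) of the kind of check a practitioner runs over log files: it finds digit runs that pass the Luhn check used by card numbers, flags fields that look like sensitive authentication data (CVV, track data, PIN), which must never be stored after authorization, and masks any PAN it finds to the first six and last four digits, the most PCI DSS allows to be displayed. The log lines and card numbers below are constructed for the example; the numbers are publicly documented test numbers, not real accounts.

```python
import re

# Candidate PAN: 13-19 digits, optionally separated by single spaces or dashes,
# not preceded or followed by another digit.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Field names that indicate sensitive authentication data (SAD), which PCI DSS
# forbids storing after authorization even when encrypted.
SAD_RE = re.compile(r"\b(cvv2?|cvc2?|cid|track[12]?|pin(?:block)?)\s*[=:]", re.IGNORECASE)

# Constructed sample log lines for the example (not real traffic).
LOG_LINES = [
    "2024-01-15 12:30:45 INFO order=48213 card=4111 1111 1111 1111 amount=19.99",
    "2024-01-15 12:31:02 DEBUG auth request pan=5555555555554444 cvv=123",
    "2024-01-15 12:31:10 INFO session=1234567890123456 status=ok",
    "2024-01-15 12:32:00 INFO refund card=3782 822463 10005 amount=5.00",
]


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum (mod 10)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def _normalise(candidate: str) -> str:
    """Strip spaces and dashes from a regex match so only digits remain."""
    return re.sub(r"[ -]", "", candidate)


def find_pans(text: str) -> list[str]:
    """Return every Luhn-valid 13-19 digit run in the text, digits only."""
    found = []
    for m in PAN_RE.finditer(text):
        digits = _normalise(m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            found.append(digits)
    return found


def mask_pan(pan: str) -> str:
    """Keep first six and last four digits (the maximum PCI DSS permits to display)."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def redact_line(line: str) -> str:
    """Replace every Luhn-valid PAN in a log line with its masked form."""
    def repl(m: re.Match) -> str:
        digits = _normalise(m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            return mask_pan(digits)
        return m.group(0)       # not a card number (e.g. a session id), leave it
    return PAN_RE.sub(repl, line)


def has_sad(line: str) -> bool:
    """True if the line carries a field that looks like sensitive authentication data."""
    return SAD_RE.search(line) is not None


def scan_logs(lines: list[str]) -> list[tuple[int, list[str], bool]]:
    """Return (line_number, pans_found, sad_present) for each line with a finding."""
    findings = []
    for n, line in enumerate(lines, start=1):
        pans = find_pans(line)
        sad = has_sad(line)
        if pans or sad:
            findings.append((n, pans, sad))
    return findings


if __name__ == "__main__":
    for n, pans, sad in scan_logs(LOG_LINES):
        print(f"line {n}: {len(pans)} PAN(s){', SAD field present' if sad else ''}")
        print("  redacted:", redact_line(LOG_LINES[n - 1]))
```

The Luhn filter is what keeps this from flagging every long number: the 16-digit session id on the third line fails the checksum and is left alone, while the three real-format card numbers are caught even when written with spaces. A scan like this belongs in your log pipeline and on any export or backup location, and a hit on a CVV or track field is a finding to fix at the source, not something to redact after the fact.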
At this point, you may be asking yourself who is required to follow the requirements set by the PCI council. The answer is everyone involved in handling card payments: merchants, payment processors, banks, payment software and hardware vendors, and developers of payment technology. If you store, process or transmit cardholder data, or can affect the security of that data, the standard applies to you.
How To Officially Become PCI Compliant
For most merchants, becoming PCI compliant means completing a self-assessment questionnaire (SAQ), usually online through your processor, together with an attestation of compliance. Which SAQ you fill out depends on how your business accepts credit cards, which determines your classification in the eyes of the PCI council. The largest merchants do not self-assess: they undergo an annual on-site assessment by a Qualified Security Assessor (QSA), who produces a Report on Compliance.
Furthermore, your processing volume determines how, and how often, you must report your compliance. For some small businesses, formally reporting that you are PCI compliant is not required by your acquirer. However, every business that handles cardholder data is expected to be compliant at all times, whether or not it has to report.
Here are the merchant levels and reporting requirements. The levels are defined by the card brands rather than the council itself; the thresholds below are Visa's (MasterCard's are similar), and your acquiring bank will tell you which level it has placed you in:
- Level 1: over 6 million transactions per year – an annual on-site assessment by a QSA and quarterly network scans by an Approved Scanning Vendor (ASV)
- Level 2: 1 million to 6 million transactions per year – complete the self-assessment questionnaire annually, plus quarterly ASV scans
- Level 3: 20,000 to 1 million eCommerce transactions per year – complete the self-assessment questionnaire annually, plus quarterly ASV scans
- Level 4: fewer than 20,000 eCommerce transactions, or up to 1 million transactions through any channel, per year – maintain compliance at all times; the annual self-assessment questionnaire and quarterly scans are recommended, and whether you must formally submit them is set by your acquiring bank
Does PCI Compliance Cost Anything?
Officially, no: the PCI Security Standards Council does not charge merchants a fee for becoming PCI compliant. Some processors, however, charge a PCI compliance fee, or a non-compliance fee if you have not completed your self-assessment, and the work itself (ASV scans, a QSA assessment at Level 1) has real costs. That is why understanding the fees on your merchant statement matters. You should review your merchant statement each month to ensure that you are not overpaying for payment processing.
Now that you understand what PCI stands for, gain a better understanding of payment processing fees and how you can cut costs by reading our full guide on understanding your merchant statement.
By being PCI non-compliant, you face substantial risks.
For one, the major payment brands could prohibit you from processing their card types. As described, the major payment brands formed the PCI council; they hold themselves to the standard and go to lengths to ensure that everyone else does the same.
Aside from losing the ability to process transactions, you may incur substantial fines if you do not meet the requirements outlined by the PCI council. The card brands levy these fines on your acquiring bank, which passes them on to you, and if you suffer a breach while non-compliant you can also be held liable for the resulting fraud and the cost of reissuing cards.
In addition, the PCI council created its guidelines for a reason: they describe the controls that stop cardholder data from being stolen. It is in your best interest to follow them.
We ourselves follow the PCI guidelines and undergo quarterly network scans and on-site assessments.
How We Can Help
If you are currently being charged for PCI compliance or other “mystery fees”, then learn about our subscription-based pricing model, with which you get unlimited payment processing for a single monthly fee. No hidden fees. No rates.
To learn how you can get a free Clover payments device and unlimited payment processing, visit our all-in-one payments and local marketing packages page.