The days of the cash-only business are over. It doesn’t matter if your business is a multinational corporation or you cut grass for a living, accepting payment cards is not only convenient for your customers, most of the time it’s the most secure way to get paid. In an effort to protect the personal and financial information of consumers who have come to depend on their payment cards, the banks that back the credit card industry have developed a regulation that businesses who process cards need to adhere to. Today, we will go over this regulation and how it affects small and medium-sized businesses.
The Payment Card Index Digital Security Standard (PCI DSS) was established in 2006 as an industry-wide standard created by what is now known as the PCI Security Standards Council. Made up of the predominant credit card companies: Visa, Mastercard, American Express, and Discover, the council was established to regulate the credit card industry and manage the standards in which businesses would be held to improve consumer privacy.
PCI standards apply to all businesses that accept payment cards. If your business stores information or processes payment using digital means, you have to maintain PCI compliance. Here are 10 actions every business that accepts payment cards needs to take:
Again, every single business that accepts the use of payment cards needs to be sure to accomplish these 10 things. Many businesses already do these things in the normal course of doing business, but if you don’t, and you accept payment cards, you are not in compliance and face harsh consequences.
Once you’ve established compliance with the general guidelines, you then need to understand how your business will be judged. According to the PCI Security Standards Council there are four levels of businesses that process credit cards. They are defined as follows:
Since a breach at level 1 will likely affect more consumers, the PCI regulatory body--that doesn’t have the means to constantly check every business--spends more time regulating larger organizations. That’s not to say that small businesses can’t face hefty fines and consumer attrition if they are non-compliant. Each level has its own specific mandate. Let’s go through them now.
Merchant Level #1
To maintain PCI compliance, Level one merchants need to:
Merchant Level #2
Level two’s need to:
Merchant Level #3
Level three’s need to:
Merchant Level #4
Level four’s need to:
Businesses found to be in noncompliance will often be subject to review and are often fined, given extra scrutiny, or have their privilege to accept payment cards revoked. This would now make it hard to do business. To talk to one of our experts about PCI DSS standards, or how to keep your business in compliance, call the IT professionals at Advanced2000 today at (703) 370-7520.