If you’re processing credit cards, you’ve most likely heard of PCI compliance. What is it and how do you become compliant? We’ll walk you through it.
What is PCI?
The Payment Card Industry Security Standard is a set of guidelines that protect merchant and cardholder security. If a merchant intends to accept card payments, the data must be hosted securely with an approved provider.
What Does It Entail?
There are 12 requirements for PCI compliance:
- Create and maintain a firewall configuration policy to protect cardholder data.
- Create unique system passcodes, as opposed to vendor defaults.
- Multiple layers of security should be implemented to protect stored card data using physical and virtual methods.
- Encrypt cardholder data across public networks.
- Refrain from storing sensitive authentication data after card authorization.
- Use and update anti-virus software.
- Monitor and maintain a secure system and applications.
- Limit the number of personnel with access to cardholder data.
- Assign a unique login code to each user with computer access.
- Restrict physical access to sensitive information.
- Monitor all user access to cardholder data.
- Regularly test security processes.
- Maintain a policy that addresses information security.
How Is It Enforced?
How often a merchant is reviewed depends on how many transactions they run annually. It is divided into four levels. At the highest level, a merchant processes over 6 million transactions per year and must have yearly on-site reviews by an internal auditor as well as a network scan by an approved vendor. Merchants that process less than than that must complete the PCI DSS Self Assessment Questionnaire annually and undergo quarterly network scans by an approved vendor.
If a merchant fails to be PCI compliant, there’s a price to pay. While the PCI Security Standards Council does not enforce consequences for non-compliance, payment brands will impose fines on the merchant. Additionally, several states enforce PCI compliance by law, and more are expected to follow.
Why Is It Important To My Business?
By fully complying with PCI, a merchant significantly reduces the risk of data fraud that could damage a their reputation. Every merchant knows that business is a relationship built on trust with the customers. Customers are entrusting merchants with their secure data and require the peace of mind that their information is safe.
PCI compliance does not have to be expensive or time consuming. Fidelity stands ready to guide and support our merchants in making this security investment.
At Fidelity, we understand the particulars of PCI compliance and are ready to assist merchants in implementing the highest security standards for their credit card processing.