When I was younger I worked in my father’s retail business. When a customer paid by credit card we swiped the card on a clunky old credit card imprinter device, which made three copies of the transaction. We gave one to the customer as a receipt, we sent one to our credit card processor for payment, and we kept the third.
We weren’t very sophisticated in our data management back then. I’m pretty sure that all those copies of credit card transactions, with the customers’ card numbers fully visible, ended up in a big box in our warehouse somewhere. It wasn’t very secure; anybody could open the box and steal all the credit card numbers they wanted.
The world is much different today. We take privacy and security much more seriously, especially when it comes to credit card information. If we store credit card information at all, it must be stored safely and securely so that no malicious actors can steal that data.
This focus on security is exemplified by something called PCI DSS, or PCI compliance. You’ve probably heard of it. But what exactly is it, and what does it mean?
PCI DSS stands for Payment Card Industry Data Security Standard, a set of rules and regulations designed to protect customers and businesses from fraudulent credit card activity. Any business that accepts credit card payments must be PCI compliant – that is, the business must follow the rules and regulations to protect customer credit card data.
The PCI DSS requirements are quite detailed, but they can be summarized as follows. As a merchant, you agree to:
- Maintain a secure card processing network
- Protect all cardholder information and data
- Protect your systems against malware
- Put strong access control measures in place
- Monitor and test your networks
- Create and maintain an information security policy
Now, not all merchants can do all these things – at least on their own. Merchants rely on their payment processors to maintain a secure card processing network and to keep credit card data secure. Merchants have some responsibility, of course, but they also must trust their payment processing companies to do their part.
Higher Standards takes PCI compliance seriously. All of our processing solutions meet PCI DSS standards and ensure that you and your customers are protected from credit card fraud. We make sure that your business is PCI compliant, and that your customers’ credit card information is safe.