You’ve probably heard something about PCI compliance in regard to credit card processing. The phrase “PCI compliance” is shorthand for the rules and regulations known as the Payment Card Industry Data Security Standard or PCI DSS. These regulations are designed to protect both consumers and businesses from fraudulent credit card activity.
If your business accepts credit card payments, you must comply with PCI DSS regulations. If you’re not compliant, you could be subject to fines by the credit card companies of between $5,000 and $100,000 per month, depending on the size of your business and the length of the infraction. Even worse, if you experience a data breach that exposes your customers’ credit card information and you were not PCI compliant, you may be fined between $50 and $90 for each customer affected by the breach.
What do you need to do to be PCI DSS compliant? It’s a short but essential list:
- Maintain a secure card processing network
- Protect all cardholder information and data
- Protect your systems against malware
- Put strong access control measures in place
- Monitor and test your networks
- Create and maintain an information security policy
These requirements are designed to make sure that you and all the other entities in the processing chain are securely handling your customers’ credit card data. It’s a matter of ensuring that only essential personnel have access to customer credit card data and that this data is securely stored to guard against data breaches and attacks.
The responsibility for PCI compliance is shared between your business and your payment processor. For Higher Standards, that means ensuring that all of our processing solutions meet the PCI DSS requirements. We also ensure that your business is PCI compliant to keep your customers’ credit card information private and secure.
If you want to know more about PCI DSS and how to be compliant, contact your Higher Standards expert advisor. We can guide you through what you need to do to be PCI compliant.