The cost of not maintaining PCI DSS compliance can be huge, especially when it comes to data breaches and fraud. Unfortunately, many merchants don’t fully understand everything involved in PCI compliance, so card security breaches will continue to occur.
According to a survey conducted by Proficio, 23% of respondents did not even know whether their businesses met the most recent set of standards, PCI DSS 3.0, which was released at the beginning of this year.
It’s important for every merchant to understand what PCI DSS means, so that they can take the necessary steps toward ensuring payment security. While it’s not a foolproof solution, it can significantly help to deter data breaches and potential fraud.
Deciphering the Alphabet Soup (PCI DSS)
The Payment Card Industry Data Security Standard (PCI DSS, often shortened to PCI) is a set of 12 requirements that merchants must meet to ensure a secure environment for credit card transactions. The requirements were put in place by the Security Standards Council, made up of the five major credit card companies: American Express, Discover, JCB, MasterCard and Visa.
PCI Myths Busted!
There are many misconceptions surrounding PCI. Here, we reveal four of the major myths and the reality behind each of them.
Myth #1 – I own a small business; only large companies and e-commerce websites need to be PCI compliant.
False! Every organization or merchant that accepts credit card transactions must be compliant. The size of the company doesn’t matter, nor does the number of credit card transactions. There are, however, different levels that businesses can fall into, as defined by the major credit card brands. Businesses must determine which level they fall into for each brand and complete the corresponding compliance validation requirements.
Myth #2 – Once my business is PCI compliant, I never have to worry about it again.
Many merchants don’t realize that compliance is an ongoing process, not a one-time deal. As a business owner, you (or your merchant services provider) will need to be in continuous communication with your acquiring bank and the card brands with which you do business. This will ensure that any payment security vulnerabilities are identified and fixed in a timely fashion to maintain PCI compliance.
Myth #3 – My outsourced credit card processing company automatically takes care of all PCI issues.
Using a third-party processor can help to improve payment security and reduce risk exposure, but it is not a guarantee that your business is PCI compliant. As a business owner, you need to take responsibility for ensuring that your payment processing system is up to PCI standards. Ask questions and be proactive—if they can’t answer or don’t know, it may be time to reconsider your merchant services provider.
Myth #4 – Nothing bad will happen if my business isn’t PCI compliant.
If a business fails to maintain PCI compliance, payment brands such as Visa and American Express have the right to fine acquiring banks anywhere from $5,000 to $100,000 per month. These fees eventually trickle down to the merchant that violated compliance. On top of that, the bank will very likely increase transaction fees or terminate its relationship with the merchant. It’s important for merchants to understand that the costs associated with PCI violations can be destructive to businesses of all sizes.
Business Owners: Take Action Now!
Not sure if your business is PCI compliant? The experts at Abtek are experienced at guiding business owners, just like you, through the complex validation process. Contact us today to find out how we help you ensure that your business’s payment processes are secure.
Stay updated on payment processing trends by following Abtek on Twitter and Facebook. Sign up to receive our newsletter, too.