PCI Compliance - Merchant processing

Everything You Need to Know About PCI Compliance

As a merchant, PCI compliance is a term you’ll encounter time and time again.

PCI Compliance

Those two words, as non-threatening as they may appear, implicate severe consequences for anyone who chooses to ignore them. In terrible cases, failure to adhere to PCI regulations may even cost a person their business.

So what does that mean for you?

Well, if you are unfamiliar or confused about what PCI compliance is and what it looks like for your business, then it’s in your best interest to invest some time to learn about it.

More often than not, PCI regulations are shrouded in complex language that will give you a headache trying to understand. To counter this, we’ve put together a straightforward, easy-to-consume guide that discusses everything you need to know about PCI compliance.

If you’re stretched on time and simply want personalized help, then contact our team of payment professionals.

PCI Compliance - Merchant education

What is the PCI DSS?

First off, in order to get your business PCI compliant, you’ll need to know what the heck PCI DSS is and what it represents.

The Payment Card Industry Data Security Standard (PCI DSS) is an industry-wide compliance requirement created for anyone who stores, processes, or transmits payment card data (such as accepting credit card payments).

The PCI DSS was created in collaboration with the different payment card brands: American Express, Discover, JCB, Mastercard, and Visa. PCI requirements are designed to reduce payment card compromises and data theft by helping you secure your sensitive information and reduce your vulnerability to attacks.

The goal of compliance

Payment Card Industry (PCI) Data Security Standard (DSS) compliance is designed to protect businesses and their customers from credit card theft and fraud. All businesses or service providers that store, process, or transmit payment card data are required to comply with the PCI data standard—regardless of business size or the amount of annual payment card transactions.

By being PCI Compliant, a merchant can rest assured knowing that they have taken steps to protect themselves against fraud. Furthermore, customers feel more secure when they see a PCI Compliant logo on a website. This can increase business and ensure customer satisfaction.

What are the penalties for noncompliance?

Merchants may be fined up to $500,000 per incident if they are not PCI compliant at the time of a security breach.

Consequences for affected organizations may include:

  • Regulatory notification requirements
  • Loss of reputation
  • Loss of customers
  • Potential financial liabilities (for example, regulatory and other fees and fines)
  • Litigation
  • And even loss of their business

How do I become compliant with the PCI DSS?

As a merchant who stores, processes, or transmits payment card data, you are required to be PCI DSS compliant by the payment brands and credit card processors. There are several PCI compliance vendors available in the industry. At National Merchants Association, we want to ensure you have access to the best tools available to help you reach PCI DSS compliance.

If you need assistance, please contact Member Support and we will assist you through these two easy steps to becoming PCI DSS compliant:

An annual Self-Assessment Questionnaire (SAQ) determines if you are taking proper precautions to protect your payment card data, similar to an insurance questionnaire, done via the internet.

Quarterly security scans for systems connected to the Internet. The scans look for weaknesses that an attacker might use to access your systems. A PCI-Certified Approved Scanning Vendor (ASV) must conduct these scans.*

*No scan needed for dial-up or if you fall under the category of CV-T.

PCI Compliance - self assessment

How much will this cost?

Most credit card processors charge a monthly and/or annual fee for PCI compliance. This can range anywhere from $30 to $60 a month, up to $2500 per year. Scans may cost thousands of dollars depending on the size of the business.

National Merchants Association is pleased to be able to offer our PCI Compliance program at only $6.95 per month.

Final words

It’s easy to feel overwhelmed when it comes to PCI compliance. Many business owners struggle to understand what they need to do to become compliant and end up leaving data unprotected by accident. If a breach in data occurs and your customers’ credit card information is stolen, then you’ll be held liable. Sure, there’s a chance you’ll never be hacked, but that’s not guaranteed.

Think of it like car insurance. Would you drive around in an expensive car that you worked relentlessly to get without car insurance? Probably not. The same idea applies to PCI compliance. You shouldn’t move your business forward without the insurance PCI compliance gives you. PCI compliance protects your business from hackers and safeguards all the time, energy, and money you’ve spent building your company.

Again, if you still need help or would like to get plugged into NMA’s PCI compliance program, contact us.

We help thousands of businesses cope with the process of becoming PCI compliant and lighten your load by providing personalized help.