To help regulate credit card security standards, the Payment Card Industry Security Standards Council (PCI SSC) was founded in 2006 by 5 of the largest payment brands: American Express, Discover, JCB International, MasterCard, and Visa. Below are some highlights to help you navigate payment processing.
What is PCI compliance?
"The PCI Data Security Standard is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. The PCI Data Security Standard is comprised of 12 general requirements designed to: Build and maintain a secure network; Protect cardholder data; Ensure the maintenance of vulnerability management programs; Implement strong access control measures; Regularly monitor and test networks; and Ensure the maintenance of information security policies."
Do all merchants, including those with minimal credit card processing, need to be compliant?
The PCI SSC requires all merchants, regardless of size, to be PCI compliant.
How do I get started?
The PCI SSC website has great tools to help you get started, including videos, a self-assessment questionnaire, and a reference guide.
This may seem like a lot of work, but remember that customers' card information is your responsibility to protect. If your business is found to have a data breach, you could be liable for fines, penalties, and/or loss of the ability to accept credit/debit cards. By providing secure card processing, you will instill confidence in your customers!