Why Business Owners Should Care About PCI Guidelines

With the rise in credit card payments (in person, online or mobile), business owners often overlook those dreaded “PCI Guidelines” that, whether they know it or not, could make or break their business.

As Tishauna Gibbs, an NTC Texas outside sales representative, was recently giving a presentation to a group of business owners, she realized many of them knew close to nothing about PCI compliance standards or the kind of impact they could have on their businesses.

“Most companies don’t know what it is or the risk of not being PCI compliant,” Gibbs said. “But if these businesses are ever breached and they’re not compliant, a mandatory forensic audit starts at $15,000, and doesn’t include fines per credit card stolen, which could easily put businesses out of business in a month.”

So what is PCI?

It’s a set of standards set by the PCI Security Standards Council (PCI SSC) to protect cardholder data. In other words, it’s intended to secure the customer’s credit card information.

According to PCISecurityStandards.org, “The Council is responsible for managing the security standards, while compliance with the PCI Security Standards is enforced by the payment card brands (VISA/MC/AMEX/DISCOVER). The standards apply to all organizations that store, process or transmit cardholder data – with guidance for software developers and manufacturers of applications and devices used in those transactions. If you are a merchant accepting payment cards, you are required to be compliant with the PCI Data Security Standard.”

According to the PCI for Small Merchants page, “If cardholder data is stolen – and it’s your fault – you could incur fines, penalties, even termination of the right to accept payment cards!”

How do you become compliant?

While the process may sound daunting at first, it’s really fairly simple. You just go to a compliance management tool website like TrustWave and follow the steps to have your network scanned and fill out a short questionnaire.

There are also different rules when accepting mobile credit card payments. Check out this cool infographic from MobilePaymentsToday.com for some good notes for developers and stats on mobile credit card theft by industry, with retail listed as the number one industry at 45 percent.

The regulations were created and agreed to by the four major credit card companies (Visa, Amex, MasterCard, and Discover) in 2005 to curb the increasing trend in credit card theft. Each one has its own terms for the standards, which you can view a breakdown of here.
Contact us here for more information about PCI and find out how we can help you become compliant.

Photo courtesy of: www.creative-commons-images.com