What is PCI compliance and how can it impact your business? We break down the 7 most important things you need to know about PCI compliance.
- It’s there for a reason. As the Target and many other data breaches have shown, there’s a huge underground market for stolen credit and debit card numbers. Crooks will go to great lengths to get these numbers, and the resulting breaches can be very costly. Even more important, credit card processors worry that more security and data breaches will hurt consumer confidence in using their credit and debit cards, and that’s bad for everyone.
- PCI is like a guard dog that’s not afraid to turn on its master. It’s ultimately designed to protect you, and in the case of smaller firms, without much effort. But if you ignore PCI, it’s not afraid to bite. Failure to comply can mean penalties, fines, and even the inability to accept credit and debit cards.
- If you accept credit or debit cards, you can’t avoid it. One of the most common misconceptions is that PCI is only for bigger firms, only applies to businesses that process a minimum number of credit card transactions monthly, or that smaller firms are exempt. None of the above are true. If you accept credit cards, even one transaction, then you have to be PCI compliant.
- The world’s top credit card processors, who between them process the majority of credit card transactions in the world each day, created a free roadmap to help you protect against card breaches. And PCI is not just about protecting credit cards. It’s ultimately about protecting your business, your reputation, customer trust, and your future. Not a bad freebie when you think about it.
- It’s not a security guarantee. The more credit card transactions you process each year, the more complicated PCI can get. The higher the number of transactions, the more rules you have to follow and the more it will cost you. Yet in spite of all the rules, being PCI compliant is no guarantee that you’ll be secure. PCI should be seen as a baseline and a minimum standard, meant to be combined with other layers of protection.
- With so many breaches, and so much in-depth coverage of them, it’s become apparent that even major organizations with huge investments in security and compliance have still fallen victim to security breaches. That’s led to calls to make PCI even tougher. You can expect that to happen in the next few years.
- Becoming PCI compliant is easy – remarkably easy. Compliance is based around a self-assessment questionnaire. That’s right – you answer some questions and you conduct the assessment yourself. A major focus of compliance is making sure that if you accept payments through your website, your website is secure. Luckily that’s also easy. Firms like SiteLock can manage that process seamlessly and affordably.
Becoming PCI compliant is necessary for all businesses that accept credit cards online. If you need help getting started, SiteLock is available 24/7/365. Give our security experts a call at 855.378.6200.