Businesses today should be accepting card-based payments, regardless of their size. In addition to the convenience it offers to customers, it’s the most secure means you have of being paid. To protect consumers and their personal and financial information, many card providers have adopted a unified regulation that applies to businesses that accept these payments. Let’s review this regulation and how it impacts the average small-to-medium-sized business.
Established in 2006, the Payment Card Index Digital Security Standard (or PCI DSS) was sponsored by the members of the PCI Security Standards Council. This council was founded to help the credit card industry self-regulate and manage the standards for consumer privacy that businesses would be beholden to. You certainly have at least one of the council’s members in your wallet right now: Visa, Mastercard, American Express, and Discover.
The standards that this council established apply to any and all businesses that accept payment cards from their customers. If you process or store payment information or process digital payments, PCI compliance is mandatory.
To remain compliant, any business that accepts payment cards needs to:
Any business, all businesses, each and every business of any kind that takes credit card payments needs to get these ten things done. Many businesses already accomplish these things as part of their typical routine… if you aren’t one of them, and accept card-based payments, your non-compliance could get you in serious trouble.
The above checklist were the things that all businesses are responsible for, across the board. Based on what “level” of business you operate (according to the PCI Security Standards Council) there are other needs you must address. As the council defines them, there are four different levels you may fall into:
As a level one breach will almost certainly have an impact to a larger number of consumers, the focus of the PCI regulatory body tends to be on these larger organizations. The means just aren’t there for every business to be checked constantly. However, that doesn’t mean that small businesses aren’t also facing severe risks. Here are some of the other requirements that businesses must fulfill, based on their Merchant Level:
Considering the scale of these businesses and the reach that they have to consumers both online and in-store, these merchants have much greater responsibility. PCI compliance for Merchant Level 1 requires that merchants:
Standards relax as the number of transactions decreases, so Merchant Level 2 dictates that these merchants:
This is where most medium-sized businesses would classify, and also requires that merchants:
This level applies to the vast majority of small businesses. Like the prior two merchant levels, this level requires that all merchants:
Noncompliant businesses can be reviewed, and are generally fined, watched more closely in the future, or even prohibited from accepting payment cards at all. Obviously, this isn’t something you want to happen to your business.
To find out more about PCI DSS standards and what you can do to ensure your compliance, give the IT professionals at Horne & Benik a call at (603) 499-4400 today.
Comments