What You Should Know About PCI Compliance
Payment Card Industry (PCI) compliance matters whether your business is a single retail location accepting card payments or operates multiple storefronts and eCommerce sites. Every location or web presence where you hold a credit card merchant account needs your careful attention to ensure PCI compliance. Every business that accepts credit card payments is expected to be PCI compliant. Businesses that are not compliant can incur liabilities to card providers or face card company audits. PCI compliance is critical to your company’s reputation and to its ability to accept card payments without disruption.
What is PCI compliance?
The PCI Security Standards Council (PCI SSC) was originally created by the major credit card companies to provide objective standards and practices for credit card merchants, including online merchants, to prevent data breaches and the loss of sensitive customer information. The PCI SSC maintains the PCI Data Security Standard (PCI DSS), which applies to merchants of all sizes. You should take the time to become familiar with all DSS requirements. In this post, we highlight some of the most important ones.
The Level of PCI-DSS Compliance You Are Required to Meet is Based on Your Annual Volume
There are four compliance levels, based on the number of transactions your company processes each year. Higher-volume companies are more attractive targets for criminals and must meet more detailed compliance requirements.
Level 1 merchants process over 6 million transactions per year. These merchants must undergo quarterly network scans and file annual compliance reports prepared by independent security assessors. Internal reporting and testing are also required at specified levels.
Level 2 merchants process between 1 million and 6 million transactions per year. Level 2 compliance requires annual independent security assessments as well as internal testing and reporting performed on regular quarterly and annual schedules.
Level 3 and Level 4 merchants process fewer than 1 million transactions per year. These merchants are required to perform different levels of internal testing and reporting at regular intervals.
The Most Important PCI DSS Requirement for eCommerce Merchants Is Multi-Factor Authentication
The majority of data breaches suffered by eCommerce merchants involve weak or stolen passwords. Current PCI standards require that any system administrator who can access cardholder information use multi-factor authentication (MFA) to reach customer data. Biometrics and chip cards are examples of authentication factors used in addition to traditional passwords.
PCI Compliance is an Ongoing Process
Hackers and information thieves constantly refine their theft techniques. They anticipate and adapt to security controls, so credit card vendors must keep their own security methods and practices evolving as well. Best compliance practice requires that you keep the hardware and software used to process payments and store customer data up to date, and that you use a professional and responsible third-party payment processing company. (Just like us!)
PayHub Payments offers innovative and seamless payment processing for your brick and mortar retail spaces and your eCommerce stores. We are your partner in ensuring PCI Compliance and will help you be certain that your payment processing complies with all PCI DSS requirements. Contact us today for all of your business’s payment processing needs and we will explain our transparent and reliable fee structure and how we will help you stay in compliance at all times.