All You Need to Know About PCI Compliance


Just this week, a number of US companies announced data breaches that potentially compromised more than 10,000 customers and their payment data. Wawa first announced a data breach that potentially hit all of its 850 stores along the East Coast. The convenience store and gas station chain is now offering free credit monitoring and identity theft protection to those affected. On the same day, restaurant chain Islands Fine Burgers & Drinks issued a data breach notice of its own that mostly affected its locations in California, while Champagne French Bakery Cafe reported that its own data breach compromised 8 of its locations.

The data breaches these three companies experienced have two things in common: first, malware was installed on their point-of-sale systems; and second, the breaches took place between February and September 2019.

All these incidents further stress the need for companies to build more information security into their systems. Any notification of a data breach will almost always result in a loss of trust from your patrons, and this is why PCI compliance has become even more vital to the success of your company.

What is PCI?

PCI refers to the Payment Card Industry Data Security Standard, or PCI DSS, which defines data security requirements for the processing, storage, and transmission of cardholder data. These standards are in place to protect consumer credit card data and prevent fraud, and they apply to card payments accepted in-store, over the phone, or online. All payment card information provided by customers is sensitive data, so it must be well protected.

These standards were created in 2004 by the PCI Security Standards Council, an independent council established to maintain and update them. The council was formed by Visa, MasterCard, American Express, Discover, and JCB Co., Ltd., five major card companies that saw the need for an immediate response to the worsening and increasing cases of payment card fraud.

The PCI DSS was the result of what they agreed on as the common minimum level of protection that companies accepting card transactions must adhere to if they want to secure their customers' payment card data. PCI compliance is now mandatory for all merchants, especially those in eCommerce.

Why is it important?

Being PCI compliant means that, at a minimum, you have responsibly kept your systems secure and are less likely to encounter data breaches and other fraudulent activity. Nowadays, more customers are using cards as their main payment method, and attackers have become trickier in the ways they steal card information for their own gain.

By becoming compliant, you are sending a strong message that you take your clients and their interests seriously. Customers can trust you more when disclosing and sharing their sensitive payment card information, which results in more profit.

More importantly, you have become part of the solution to fighting payment card data compromise. When a breach happens, it is not just your company's reputation that is put at risk, but the entire financial services ecosystem. This is also why card processing companies charge merchants non-compliance fees if they fail to maintain the security standards and procedures required by the PCI DSS.

How can you be PCI Compliant?

PCI DSS has a set of rules that you must follow to minimize the risk of fraud. There is a different set of rules, or compliance levels, for each merchant level, which is determined by the total volume of sales you make in a year.

To be compliant, you are required to complete the annual PCI Self-Assessment Questionnaire, or SAQ. The SAQ asks for basic information about your business and the types of payments you accept and process. It also asks for a list of all your locations and facilities that accept card payments and the vendors you use. Alongside the SAQ is the Attestation of Compliance (AOC) document, which validates that you are compliant as claimed in your SAQ.

PCI compliance is a vital step towards your business success, and that is why you should complete the SAQ and AOC before the year ends. You not only hold proof that you are PCI compliant, but you also avoid the non-compliance fees that merchant account providers charge. You can be charged up to $40 per month if you are non-compliant.

Agapay is committed to being part of the global solution to protect merchants and their clients from data breaches and security attacks by helping you become PCI compliant. Talk to us about how we can keep your systems secure and help you remove non-compliance fees here, or call us at 800 644 3909.
