Sunday 13 May 2012

PCI Compliance is Required

By John Corey


If you are a merchant then one of the things that you might find yourself asking is "What is PCI compliance?" PCI is the acronym for Payment Card Industry. The Payment Card Industry is basically the top five companies that are known for their payment card processing. These five companies are American Express, Discover, Japanese Credit Bureau, Mastercard, and Visa. They are known for their logos and their logos are actually accepted around the globe in many different places.

If many small businesses lose their ability to accept credit card payments due to de-certification, it could have far-reaching effects. All stores that process cards are impacted by this new requirement. Online stores that use a hosted 'virtual' processing system are not PCI compliant. These merchants are not exempt from PCI compliance. Fraud prevention is not a laughing matter and needs to be taken seriously. What can you do if you are a merchant to be sure you are not de-certified?

Being PCI compliant means you are protecting the information about your customers and their payment information. You need to have your computer systems restricted as to who can access them. If you have remote locations or users logging in, there needs to be more than one method of authenticating them other than a password. Encryption of your data if it is transmitted over the internet is paramount. While most big businesses have already implemented these practices, many small businesses have not. The amount of paperwork and costs may be what has prevented the smaller businesses from coming on board. However, this is no longer a choice if you want to continue to accept credit card payments.

Level 3 merchants have 20,000 to 1 million Visa and/or Mastercard e-commerce transactions processed per year. You must complete a Self-Assessment Questionnaire (SAQ) annually, and this level also requires a network scan with an approved scanning vendor. If you are a level 4 merchant, you have fewer than 20,000 Visa and/or Mastercard e-commerce transactions processed per year. You must complete a Self-Assessment Questionnaire (SAQ) annually, and it requires a network scan with an approved scanning vendor.

So by maintaining proper security standards, there is not going to be a cost of PCI compliance. The problem is that the fines are rather heavy if you are not in compliance. Now, if you have to change some things and this ends up costing you some money, you can always consider the cost of the fines and the reputation of your business if you had chosen not to follow through with this important compliance. In the end you will easily see how this is a much cheaper option than taking your chances on being fined.



