What is PCI compliance?
Payment Card Industry (PCI) compliance refers to a set of standards created to help protect payment card data from exposure that could lead to financial loss. The area of PCI compliance that applies to merchants and service providers is called the PCI Data Security Standard (PCI DSS). The PCI DSS consists of requirements developed by the PCI Security Standards Council, which was founded by the major Payment Brands (Visa & MasterCard). The goal of these requirements is to implement consistent data security procedures across the payment card industry. Validating PCI compliance is a requirement that the Payment Brands have put in place as a proactive measure to address data security needs.
How come I haven’t heard about PCI compliance or validation before?
PCI compliance standards have existed for years. ALL merchants, regardless of what payment processor they use, are in fact required to comply with the PCI DSS, and this is required as part of the Terms and Conditions of entering into a merchant agreement. We are offering an online validation solution through PCI TOOLKIT™ to help increase our merchants’ awareness and assist in individual compliance efforts.
What does this mean for my business?
Becoming PCI compliant and maintaining that status will help you reduce threats to your business and your customers. Any merchant or service provider (e.g. payment gateway, shopping cart, web hosting company) that accepts, handles, stores, or transmits credit card information must validate PCI compliance each year. The validation process will help educate you about what steps to take in order to make your business PCI compliant.
Does validating PCI compliance guarantee a data breach will not occur?
PCI compliance requirements were put in place specifically to help protect merchants from a data breach, but they do not guarantee protection. Being PCI compliant does increase data security and helps protect businesses from easily avoidable threats. As technology and new data security threats develop, it is important to stay up to date on PCI compliance requirements and make any changes necessary to remain compliant under the most current set of standards.