Read our top 5 facts that any small business owner should know before working towards compliance
Firstly, PCI DSS stands for Payment Card Industry Data Security Standard. This standard was created by the Payment Card Industry Security Standards Council (PCI SSC), which is made up of the top 5 payment providers – Visa, MasterCard, American Express, Discover and JCB. The standard was created in 2004 with the aim of increasing controls around cardholder data to reduce credit card fraud. Validation of compliance is performed annually, and it is the responsibility of each business to maintain compliance.
Read our top 5 facts to help you understand what is required and ensure your business is compliant.
1. PCI is not law, it’s a set of industry rules
A common misconception is that the PCI regulations were created by the government when in fact they were created by the big 4 payment providers themselves (Visa, Mastercard, Amex and Discover). Any merchant processing, transmitting or storing card data from any of the big 4 must comply with their PCI regulations.
2. All companies that accept credit card payments must comply
No matter how many payments you take or how big or small your business is, if you are processing payment card data you are expected to comply with the PCI DSS guidelines. If you are a small business, it may be sufficient to partner with a PCI compliant payment solutions provider.
3. There are 4 levels of compliance
While all businesses processing card payments must comply, there are levels of compliance depending on the annual volume of payments you process. The majority of SMEs will fall into level 3 or 4.
4. If you are hacked you may be fined
If your business is hacked and found to be breaching PCI regulations, you may face hefty fines. You may also be required to comply with a higher standard of data protection in the future, which will mean more expensive and time-consuming audits are required to regain compliance.
5. Compliance is not a one-off process
Validation of compliance is performed annually: either a third-party Qualified Security Assessor (QSA) carries out an assessment, a Report on Compliance (ROC) is written internally, or a self-assessment questionnaire (SAQ) is completed. The SAQ is most common for small businesses. The PCI DSS rules are also changing and are currently on version 3.2, which was released in April 2016.
Becoming compliant
While becoming PCI compliant may require an additional investment, it is there to protect you and your customers from fraud, so it is well worth the time and money invested. Start by completing a self-assessment questionnaire and finding a PCI compliant card payment solution provider.
For more information, download the PCI Security Standards Council resources for small businesses.
Telappliant cardassure™
For help with updating your current card payment solution to one that is PCI compliant, speak to one of our team on 0345 004 4040 or contact us to find out about Telappliant cardassure™. A third-party provider can also help you de-scope your requirements.