
Top 5 PCI facts every small business owner should know

PCI DSS applies to all businesses that accept card payments but many business owners don’t fully understand what PCI is and how it’s enforced.


Read our top 5 facts that any small business owner should know before working towards compliance.

PCI DSS stands for Payment Card Industry Data Security Standard. The standard is maintained by the Payment Card Industry Security Standards Council (PCI SSC), which was founded in 2006 by the five major card brands: Visa, Mastercard, American Express, Discover and JCB. The first version of the standard was released in December 2004 with the aim of tightening controls around cardholder data and reducing payment card fraud. Compliance must be validated annually, and it is each business's own responsibility to achieve and maintain it.


The five facts below explain what is required and how to keep your business compliant.

1. PCI is not law, it’s a set of industry rules

A common misconception is that the PCI requirements were created by the government, when in fact they were created by the card brands themselves (Visa, Mastercard, American Express, Discover and JCB). They are enforced contractually: the merchant agreement you sign with your acquiring bank or payment processor obliges you to comply. Any merchant that processes, transmits or stores cardholder data for any of these brands must meet the PCI DSS requirements.

2. All companies that accept credit card payments must comply

No matter how many payments you take or how big or small your business is, if you process, transmit or store payment card data you are expected to comply with PCI DSS. If you are a small business, the simplest route is usually to partner with a PCI DSS compliant payment solutions provider so that card data never touches your own systems. Note that outsourcing reduces your obligations rather than removing them: you remain responsible for choosing a validated provider and for completing the (much shorter) self-assessment questionnaire that applies to fully outsourced merchants.

3. There are 4 levels of compliance

While all businesses processing card payments must comply, each card brand defines four merchant levels based on your annual transaction volume. Level 1 (the strictest) applies to merchants processing more than 6 million transactions a year, or to any merchant the brand designates as level 1 following a breach; level 4 covers the smallest merchants, typically fewer than 20,000 e-commerce transactions a year. The majority of SMEs fall into level 3 or 4 and can validate with a self-assessment questionnaire rather than an on-site assessment.

4. If you are hacked you may be fined

If your business is breached and found not to have been compliant, the card brands can levy substantial fines on your acquiring bank, which will pass them on to you under your merchant agreement. You may also have to pay for a forensic investigation and for the cost of reissuing compromised cards, and you may be moved to a higher merchant level. That means more expensive and time-consuming on-site audits each year to regain and demonstrate compliance.

5. Compliance is not a one-off process

Compliance must be validated every year. Level 1 merchants require an annual on-site assessment, normally performed by a third-party Qualified Security Assessor (QSA), which produces a Report on Compliance (ROC). Smaller merchants complete a self-assessment questionnaire (SAQ) and sign an Attestation of Compliance (AOC); the SAQ is by far the most common route for small businesses. Many SAQ types also require quarterly external vulnerability scans by an Approved Scanning Vendor (ASV). The standard itself also changes over time: at the time of writing it is at version 3.2, released in April 2016, so the questions you answer this year may not be the ones you answered last year.

Becoming compliant

While becoming PCI compliant may require additional investment, it exists to protect you and your customers from fraud, so it is well worth the time and money. Start by working out which systems handle card data (your scope), identify the SAQ that applies to how you take payments, and choose a PCI DSS compliant card payment solution provider that keeps card data out of your own environment wherever possible.

For more information, download the PCI Security Standards Council resources for small businesses from pcisecuritystandards.org.

Telappliant cardassure™

For help with updating your current card payment solution to one that is PCI compliant speak to one of our team on 0345 004 4040 or contact us to find out about Telappliant cardassure™. Find a third-party provider to help de-scope your requirements.
