Is your business PCI compliant?
June 28, 2013
By Anne Heraghty, Midwest Transaction Group
Technology in the payments industry continues to evolve at breakneck speed. As advances are made, so are ways to attack databases, and those attacks can cause serious breaches, wreaking havoc for credit card holders and the businesses they frequent. And while large corporations have upped their security measures with vast resources, small and mid-sized businesses that underestimate either their vulnerability to attack or the value of maintaining basic safety measures such as PCI have become fraudsters’ newest targets.
Increasing merchants’ awareness of security issues is one important step toward reducing vulnerability. But to truly protect a business from potential fraud, maintaining yearly PCI compliance is fundamental. Not only that, it is required by the card brands in order for a business to accept payments with their cards.
What is PCI?
The Payment Card Industry Security Standards Council (PCI SSC) was founded in 2006 by five global payment brands — American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc. It framed a set of guidelines to ensure credit card transactions are handled safely and securely, protecting cardholder data at every step in the transaction process. PCI Data Security Standards (PCI DSS) must be met yearly by every merchant who processes credit/debit card transactions. Regardless of the method of payment acceptance at your business – in person, over the phone, e-commerce or via a virtual point of sale solution – businesses processing credit/debit card payments must be PCI compliant. There can even be penalties assessed to your business for non-compliance.
The percentage of businesses that operate without maintaining PCI compliance is alarming. It is like operating your PC without anti-malware software; even though a computer brand has done its best to protect us from system vulnerabilities, every year we update Norton, McAfee or other programs to help protect us against viruses or breaches. It should be the same with processing systems; credit card information must be protected at the highest possible levels, and PCI is an integral part of that.
There are ways a processing partner can and should help a merchant become and stay compliant:
- Educate, explain and clarify the PCI DSS requirements
- Ensure each merchant understands PCI DSS and their responsibilities
- Prompt the merchant to move along the path to compliance
- Provide step-by-step assistance with the Self-Assessment Questionnaire (SAQ)
- Ensure merchants have properly achieved PCI Validation/Compliance
- Assist merchants in maintaining compliance at all times
During this era of advanced technology, where data breach attempts are common, do all you can to protect your business and be sure that your processor has the same goal. Check with your processor to ensure that your business is PCI compliant. MTG/Veracity works with one of the best security companies in the trade as a partner in this endeavor: Sysnet Global Solutions. We can be your expert resource. Call us with any questions you might have regarding PCI: 1.888.599.2209.