What is PCI compliance and how does it affect my business?


January 2019


The PCI DSS (Payment Card Industry Data Security Standard) is a set of standards put in place to ensure that all companies that accept, process, store, and/or transmit cardholder data (i.e., credit card information) do so in the safest possible manner. The PCI DSS is run by the PCI Security Standards Council, an independent body founded by the five largest credit card companies. According to Verizon’s PCI DSS Compliance Report, 80% of organizations are still non-compliant. That’s a large number of businesses still at risk of a breach.


How did it get started?

The PCI Council started the initiative in 2006 to improve the security of payment transactions. The five credit card companies that comprise the PCI Council believe that sellers and organizations that accept credit cards are responsible for the security of those transactions. This is why it is crucial that preventative measures are put in place to stop the theft of cardholder data. PCI compliance is crucial for a number of reasons.

• If you’re using more than one independent provider to service your payment cycle, then you are more than likely sending out and storing your customers’ data across all of your different providers. This makes your business responsible for validating and maintaining PCI compliance.

• Every time you pass data between your different providers, PCI compliance regulations require that the seller ensures that each and every step is encrypted and protected so that only authorized parties can access it.

• The PCI Council provides a self-assessment questionnaire that includes a checklist of the requirements that need to be fulfilled, depending on transaction volume.

Being non-compliant also comes with financial consequences. You could face fines that range from $5,000 to $100,000 a month. The fines are levied on the payment processors or credit card companies, not on the business, but it is more than likely that those acquirers will recoup their money from you, with added penalties.

Many of the changes in the payment processing ecosystem over the past few years have been made with heightened security in mind, as companies look to stamp out fraud and reduce identity theft. However, the transition to a more secure payment environment has not always been easy, and some aspects of the transition lag behind where many think it should be at this point.

The good news is that the industry-wide push for increased security – through both EMV and mobile adoption – seems to be paying off these days, as more companies realize the importance of compliance and find effective ways of catching up, according to a report from Read IT Quick. The general trend toward broader consumer acceptance of these payment types is clear enough these days, but now that merchants are getting on board in earnest as well, it’s likely that use of and demand for more advanced security systems will pick up appreciably in the months and years ahead.

To get started, ask your payment processor about their PCI compliance merchant program.