The horror stories surrounding fraud are everywhere. Large-scale security breaches, data hacks and an air of uncertainty among card-holding customers are all things that can be better avoided with PCI compliance. Though there are numerous security options available to cover all areas of your business, PCI compliance is a no-brainer, not to mention mandatory for any business that deals with credit cards. That being said, there are plenty of PCI compliance misconceptions that can add confusion to the mix.
Prioritizing security at your business should mean making yourself PCI compliant as soon as possible. Fraud can happen in a split second, and one breach can be all it takes to start the murmurs of lost customer trust traveling through the grapevine. That is the last thing you will want to be said about your business, so take heed of Payline’s advice: become PCI compliant.
What is PCI?
PCI compliance sounds complicated, but in fact it is a simple security guide for your business to live by. PCI, or PCI DSS as it is commonly referred to, stands for Payment Card Industry Data Security Standard. It is a set of requirements put in place to make credit card processing more secure. As outlined by the PCI Security Standards Council, there are 12 main requirements within the PCI standard. Here is a small sampling of what some of them are:
- Install and maintain a firewall configuration to protect cardholder data.
- Encrypt transmission of cardholder data across open, public networks.
- Restrict access to cardholder data.
- Track and monitor all access to network resources and cardholder data.
- Do regular testing of security systems and processes.
These requirements fall under 6 general goals for becoming PCI compliant, but all 12 actual requirements have to be adhered to in order to achieve compliance.
The number of requirements to become PCI compliant may seem like a lot of effort in both time and money, but trust us at Payline when we tell you that it is worth the investment. It may be tempting to brush off the task of becoming PCI compliant – this is a mistake of gargantuan proportions.
The cost to your business of missing the PCI train will end up being more of a pain in the you-know-what than actually complying will be. Sky-high fines and lost customer trust are just two of the many things you will have to worry about if you avoid it, but taking the PCI compliance plunge takes that worry right away. However, be careful not to be led astray by these common PCI compliance misconceptions.
PCI Compliance Misconceptions
Passing ASV is Smooth Sailing into Full PCI Compliance
Incorrect. Passing an ASV scan is only part of the process: you must also complete a self-assessment questionnaire. ASV stands for approved scanning vendor, a company that helps you meet certain PCI DSS requirements by scanning your environment and certifying the result. That certification can then be presented as proof of compliance to customers and acquiring banks.
Not Storing Credit Cards? No PCI Compliance Necessary.
Also incorrect. Just because you do not store credit card data in your system does not mean that PCI compliance is merely a friendly suggestion. The act of processing and handling credit card data is also covered by PCI compliance.
PCI Compliance is Only for eCommerce
You see where we’re going with this, right? PCI compliance applies to in-store, online, and mobile payment processing with credit cards.
PCI compliance may seem like a pain to have to work for, but as the saying goes, “nothing worth having comes easy.” The good news? PCI compliance is worth having, and it is easier to achieve than it sounds. Once you have it, you only have to maintain it. If the security of your business and its customers is already your priority (and it should be), then maintaining PCI compliance will be smooth sailing. For even more in-depth PCI compliance information, download our Payline white paper.
This piece was written by Lauren Minning, Content Specialist for Payline.