I think we can all agree that credit cards are pretty nifty things. They let you make spontaneous purchases that you probably can’t afford, but it’s okay because you don’t have to worry about it until you get the bill at the end of the month! Plus they’re nice and shiny, and it’s super satisfying to slide the bar through the card reader.
But, let’s talk about something a little less nifty, a little less convenient. Let’s talk about how some dude who knows how to use a computer a little too well can steal all the credit card data a business has on file and use it to prance around buying whatever they please while a few million people poop their pants when they find a bunch of charges on their cards that they DEFINITELY were not responsible for.
For example, between November 27 and December 15, 2013, more than 40 million customer credit and debit card numbers were stolen from Target by cyber thieves after malware was planted on cash registers in stores across the United States.
According to The Nilson Report, card fraud losses worldwide (including credit, debit, and prepaid cards) reached $21.84 billion, and they are expected to get worse. The projected amount of losses worldwide due to card fraud in 2019 is $32.82 billion.
In other words: yikes. The world is teeming with credit card thieves, and they are thriving. Unfortunately for you, this means that if you handle credit cards, you’ve got some extra responsibilities to fulfill. Specifically, PCI compliance.
PCI compliance will protect your customers’ money at least as well as this adorable - Um, I mean vicious - ball of fur.
What the heck is PCI compliance?
Essentially, PCI compliance is a set of standards put forth to ensure credit card security. In order to meet PCI compliance regulations, you need to:
- Install and maintain a firewall configuration to protect cardholder data
- Do not use vendor-supplied defaults for system passwords and other security parameters
- Protect stored cardholder data
- Encrypt transmission of cardholder data across open, public networks
- Use and regularly update anti-virus software or programs
- Develop and maintain secure systems and applications
- Restrict access to cardholder data by business need to know
- Assign a unique ID to each person with computer access
- Restrict physical access to cardholder data
- Track and monitor all access to network resources and cardholder data
- Regularly test security systems and processes
- Maintain a policy that addresses information security for all personnel
If you’re storing credit card numbers unencrypted, or storing CVV codes AT ALL, you are asking for a world of hurt.
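To see what “protect stored cardholder data” looks like in practice, here is an added example (not ChargeOver’s code and not from the original post) that scans text such as application logs for Luhn-valid card numbers that should never have been written there, and masks them down to the first six and last four digits. The log lines are constructed for the example; the regex and the `find_pans`/`redact` helpers are assumptions, not a PCI-mandated method.

```python
import re

# Candidate card numbers: 13 to 19 digits, optionally separated by spaces or dashes.
# Constructed pattern for this example; tune it to your own data formats.
PAN_PATTERN = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

# Constructed sample log: one line leaks a Visa test number, one a Mastercard test
# number, and one contains a 16-digit order id that is NOT a card number.
SAMPLE_LOG = """\
2019-03-01 12:00:01 checkout ok card=4111 1111 1111 1111 amount=42.00
2019-03-01 12:00:02 order=1234567890123456 shipped
2019-03-01 12:00:03 retry customer=5555555555554444 amount=9.99
"""


def luhn_valid(digits: str) -> bool:
    """Luhn check-digit validation, used by all major card brands."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Keep only first six and last four digits, the most PCI DSS allows to display."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_pans(text: str) -> list:
    """Return every Luhn-valid card number found in text, separators stripped."""
    found = []
    for m in PAN_PATTERN.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_valid(digits):
            found.append(digits)
    return found


def redact(text: str) -> str:
    """Replace each Luhn-valid card number in text with its masked form."""
    def _sub(m):
        digits = re.sub(r"[ -]", "", m.group(0))
        return mask_pan(digits) if luhn_valid(digits) else m.group(0)
    return PAN_PATTERN.sub(_sub, text)


if __name__ == "__main__":
    print(redact(SAMPLE_LOG))  # the order id survives; both card numbers are masked
```

Running this over real logs or database dumps is a quick way to find out whether full card numbers are leaking into places they should never be stored.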
Do I need to be PCI compliant?
Now, you might be saying to yourself, “This seems like an awful lot of work. Do I really need to worry about PCI compliance? It seems like such a drag.”
Well, here’s the deal: if you accept credit cards, you need to be PCI compliant. Here’s why:
There are a lot of jerks out there who would love to steal your customers’ credit card information. Maybe they’ll go use it to buy hundreds of dollars’ worth of Taco Bell, or buy a self-cleaning litter box (these things have happened; I guess fast food cravings and cat poop will drive a person to desperation).
Then again, who can blame the guy?
Regardless, your customers probably aren’t going to be happy to find out someone is partying it up with their money. Not to mention what happens once the credit card companies and banks find out and decide to fine you thousands of dollars, increase your transaction fees, and terminate your ability to accept credit cards in the first place.
If you’re not PCI compliant, you’re in for a bad time. Don’t end up a hot mess.
But, luckily for you...
PCI compliance doesn’t need to be difficult!
I know, right? Phew!
There are different levels of PCI responsibility. If all you do is swipe cards, you have a very different responsibility than if you store card information electronically and accept payments online.
Here’s a tip: if you want to make things really easy on yourself, don’t accept credit cards on your own website. Instead, accept credit cards through a PCI-approved vendor (like ChargeOver!) that is equipped to accept cards securely. That way, you don’t have to touch or store the credit cards at all. We do that for you! PCI compliance for you can become as simple as filling out a short online questionnaire (way better than, say, having actual auditors walk through your building checking locks on doors and looking for security cameras to make sure the data is protected).
How can ChargeOver help me with PCI compliance?
Well, funny you should ask. With ChargeOver, PCI compliance is a piece of cake!
- Storing credit card or ACH/eCheck information securely for subscription management? We do that.
- Prompting customers to agree to auto-pay terms and conditions? Yep.
- Letting customers pay securely online? Of course!
- Customers want to sign up for new subscriptions securely online? Mmhmm!
- No vendor lock-in: with ChargeOver, you can export your data at any time. No having to worry about recollecting payment details if your needs change.
So, though it may seem so at first, PCI compliance doesn’t have to be scary, or complicated, or an act of total masochism (unless you’re into that). To make life really easy, ChargeOver can do it for you!
So, what are you waiting for? Go out and protect some credit cards. Quick, before your best customer looks at their statement and finds out they suddenly have purchased more than a hundred burritos.