The importance of everyone being PCI compliant
You’re taking credit card payments. Are you PCI DSS compliant? Let’s start by defining what PCI DSS actually is: “PCI DSS stands for Payment Card Industry Data Security Standard, which sets the requirements for organizations and sellers to safely and securely accept, store, process, and transmit cardholder data during credit card transactions to prevent fraud and data breaches.” (squareup.com). Now that we have defined what PCI DSS is, it is worth noting that there are many myths about how to be PCI DSS compliant. For a deeper dive into the potential liabilities, rules and regulations of PCI DSS security and compliance, visit the PCI Security Standards Council website at www.pcisecuritystandards.org
In the meanwhile, here are six myths and truths you need to know about being PCI DSS compliant:
1 - TRUTH: If you handle credit card information, you must be PCI DSS compliant.
Plain and simple. Yet the actual requirements differ depending on how you handle the information. If you store cardholder data yourself, rather than just letting someone check out, the requirements change.
2 - TRUTH: The process is fairly easy
Depending on how you handle the information, the process can be a short list of questions that ideally are no-brainers, such as “Did you change your default Wi-Fi password?” or “Do you store written-down credit card information in a secure location?” This process helps protect both you and the cardholder’s data. If there is any question you cannot answer, it is wise to resolve it before continuing.
3 - MYTH: Small businesses don’t need to worry about PCI Compliance
If you handle cardholder data, you need to be PCI DSS compliant. There are fines and penalties for neglecting PCI DSS compliance. Although the actual process of becoming certified may seem daunting, it should be neither scary nor forgotten.
4 - TRUTH: It’s important for everyone’s security
In an increasingly digital society, security and privacy are a priority. Without security, your customers lose their sense of trust. There are multiple examples of businesses whose practices were not secure enough and that ended up putting millions of customers at risk: Home Depot, Staples and Newegg.com, to name a few. With such high-profile companies being breached, it is a warning to all that keeping your business PCI DSS compliant is crucial for security.
5 - TRUTH: It doesn’t matter if you have hardly any transactions
Whether you have one transaction or many transactions routing through your business, you need to be PCI DSS compliant. “Even if the merchant accepts credit cards through a properly designed payment gateway, they are still required to be PCI compliant. Even if the merchant never even sees or touches the card data, they are required to be PCI compliant merely because they get paid by credit card. End of story.” (Keith Palmer, CTO of ChargeOver)
6 - MYTH: Organizations using third-party processors don't have to be PCI DSS compliant
Using a third-party company does not exempt your company from needing to be PCI DSS compliant. Even though a third-party processor shields you from some risks and reduces your validation burden, incidents can still happen. You are still putting yourself and the cardholders at risk by not being PCI DSS compliant.
Check out our blog for more information about PCI DSS compliance and other related topics.