The Hows and Whys of PCI Compliance
What is PCI compliance?
The Payment Card Industry Data Security Standard (PCI DSS) is a security standard set forth by the Payment Card Industry Security Standards Council (PCI SSC). Compliance is validated either by a Qualified Security Assessor or, for smaller-volume companies, through a Self-Assessment Questionnaire (SAQ).
What is the point of PCI?
PCI DSS was implemented to enhance cardholder data security and establish a consistent data security standard worldwide. There are twelve requirements for PCI compliance, ranging from protecting and restricting access to stored cardholder data to maintaining information security policies. PCI also applies to everyone involved in transaction processing, including merchants, processors, issuers, service providers, acquirers, and anyone who handles sensitive cardholder or authentication data.
Do I need to be PCI compliant?
If your organization is involved with the transmission, storage, or use of payment card processing information in any regard, then the PCI DSS applies. This includes storefront retailers in addition to e-commerce merchants.
Visa, MasterCard, and other major card brands require their merchants to be compliant with the PCI DSS.
What happens if I am not compliant?
The fines levied by credit card institutions and banks against non-compliant merchants can reach $500,000, depending on the severity of the non-compliance and any issues or security breaches that may have resulted. Should a breach have occurred, other penalties could include a fee for each cardholder that was compromised, the loss of the business's merchant account, and the suspension or termination of credit card acceptance. Consumer trust is also affected, and legal issues could arise from failing to protect sensitive information.
How do I become PCI compliant?
The first key to becoming PCI compliant is to understand what is outlined in the PCI DSS. The PCI DSS Quick Reference Guide (PDF) is a good place to start, as it outlines six goals and twelve steps of compliance. Once you are familiar with the general idea of what PCI compliance requires, contact your merchant services provider. Because not every business has the same security needs, they will be able to inform you exactly what is needed to become compliant.
AMG PCI is part of the Advanced Merchant Group network.
© 2016 Advanced Merchant Group, Inc.
AMG PCI is a resource site owned by Advanced Merchant Group.
Advanced Merchant Group is a registered ISO of Wells Fargo Bank, N.A., Walnut Creek, CA. American Express may require separate approval.