Initially, PCI Compliance sounds scary and like a lot of work. But when you break it down and realize what the Payment Card Industry is really expecting of you, it all sounds very reasonable, and with the right merchant account service provider it is easy to manage and to maintain a status of compliance.
Think about it: there have been huge breaches of credit card information, putting thousands of people's card details at risk of getting into the wrong hands. With examples like TJ Maxx or Heartland Payment Systems, it is plain to see that the bad guys are finding our vulnerabilities and exploiting them to get the information they want, and with great success. Even the big guys are not impenetrable.
It is your job to make sure your customers' card information is safe. That is why the Payment Card Industry has asked each individual merchant to demonstrate that they handle their customers' card information in a secure manner. They will want to know some of the following:
- Do you shred, delete or incinerate full card information once it is no longer needed?
- Do you have firewall protections and secure passwords to prevent hackers from obtaining this information?
- Are you using a secure format, such as a Payment Gateway, that encrypts card information at all times?
- Are you keeping full card information in a locked and secure environment?
- If you are mailing card information, are you doing this by a secured courier?
There are 3 generally accepted ways to maintain your compliance:
1.) If your merchant account service provider offers it, you may take a "Self-Assessment Questionnaire", spending 10-15 minutes once a year to confirm you are acting prudently with cardholder information. You may even learn something by going through this process, which is the true objective of PCI Compliance. If you are not PCI Compliant, the questionnaire is designed to flag the reasons why so that you can take the necessary steps.
2.) You can hire a "Scan Vendor" to review your credit card processing regularly and validate your compliance. This option is often costly, as these vendors charge hundreds of dollars in annual fees.
3.) Some merchant account providers give you the option of doing nothing to verify your compliance. However, this is not recommended, as it leaves you exposed to steep fines from the Payment Card Industry if and when a breach of credit card information occurs.
When looking to become PCI Compliant in accordance with the universal standards being implemented by all card types and card processors within the industry, you need to find someone who is willing to walk you through the process and take the time to explain why it is needed. Look for a service provider that has flexible options for you to register as PCI Compliant. Also, ask whether they offer "Safe Harbor" for clients who are PCI Compliant; this means you will not be held liable for hefty fines should a breach occur while you are PCI Compliant.
Finally, make sure the PCI Compliance fees are transparent. Some providers charge annually, some monthly and some are increasing rates, but they are all charging something for PCI Compliance. Make sure they are up front about it. If they do not offer a Self-Assessment Questionnaire and force you to enlist a Scan Vendor in order to process with them, add that cost to your budget as if it were a fee charged directly by your merchant service provider.
In all, becoming PCI Compliant is good for you and your guests. Your merchant account service provider is your partner in helping you navigate the newly implemented security measures. With their help it can be an easy and cost-effective way to make sure your guests' sensitive information stays secure.