Merchant PCI Compliance
Why Is PCI Compliance Necessary?
Many merchants ask why they have to worry about PCI compliance. Many don’t realize that having a merchant account means that they are responsible, month after month, for thousands and sometimes millions of dollars of cash, plus the protection of the merchant’s card account information. Having a merchant account comes with a large responsibility beyond the dollars deposited into a merchant’s bank account. While a merchant must be concerned with revenue and how to grow their business, payment card industry (PCI) compliance should be at the top of the list as well.
The purpose of PCI compliance is data security, which applies to all parties involved in processing credit card transactions. Not following the rules, whether from ignorance or from purposely practicing risky activities, can easily result in large card association fines and can even put a merchant account in jeopardy of being terminated, to say nothing of the data breaches that might occur from these lax practices. A merchant account termination can be harmful to any business accepting credit cards and is especially risky to eCommerce accounts.
The Value Of PCI Compliance
Since January 2005, more than 346 million records with sensitive information have been breached, according to recent industry studies. In 2009 the cost of a data breach was $204 per compromised customer record. This study comprised 45 companies, and it revealed that the average total cost of a data breach was $6.75 million.
Currently most of the laws involving credit card fraud and data security breaches are aimed at the criminals who conduct the breaches and obtain the card data. However, state attorney offices have investigated and filed many lawsuits against companies that were found to be non-compliant at the time a data breach occurred. The only way the card associations are able to enforce the security standards is to penalize companies that do not comply and/or continue to jeopardize data protection.
In short, the Payment Card Industry Data Security Standard (PCI DSS) applies to any organization or merchant that accepts, transmits or stores any cardholder data. The PCI DSS was initiated in 2004 by the PCI Security Standards Council (SSC), which includes the major card brands American Express, Discover, JCB, MasterCard, and Visa. Further, all card associations stipulate that the PCI DSS, in addition to the individual association guidelines, has to be followed to be fully compliant. To be deemed PCI compliant you have to meet the technical requirements of the PCI DSS.
At Global Processing Systems, our friendly staff is available to help you achieve and maintain PCI compliant status. We have partnered with several independent companies who are licensed to help all of our merchants meet these criteria in an easy-to-understand manner. Our PCI compliance partners will walk you through the steps necessary to earn, and maintain, your PCI compliant status. It is usually done in a matter of minutes.