Why Is PCI Compliance Necessary?
Many merchants ask why they have to worry about PCI compliance. Many don't realize that holding a merchant account makes them responsible, month after month, for thousands and sometimes millions of dollars of card transactions, plus the protection of their customers' card account information. Having a merchant account carries a large responsibility beyond the dollars deposited into the merchant's bank account. While a merchant must be concerned with revenue and how to grow the business, Payment Card Industry (PCI) compliance should be at the top of the list as well.
The purpose of PCI compliance is data security, and it applies to every party involved in processing credit card transactions. Not following the rules, whether through ignorance or through knowingly risky practices, can easily result in large card association fines and can even put a merchant account in jeopardy of termination, quite apart from the data breaches that lax practices invite. Termination of a merchant account is harmful to any business that accepts credit cards and is especially damaging to eCommerce businesses, which have no other way to take payment.
The Value Of PCI Compliance
The Payment Card Industry (PCI) Data Security Standard (DSS) is designed to protect businesses and their customers from card data theft and fraud. All businesses and service providers that store, process or transmit payment card data are required to comply with the standard, regardless of their size or annual transaction volume.
The Verizon 2017 Data Breach Investigations Report found that 81% of hacking-related breaches leveraged "either stolen and/or weak passwords." This is why the PCI DSS requires businesses to change vendor-supplied defaults on every system component (Requirement 2) and to enforce strong user authentication (Requirement 8). The PCI SSC urges merchants to choose "complex passwords and change them frequently," especially "after you have outside contractors do hardware, software or POS system installations/upgrades."
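The default-credential and password-rotation checks described above are easy to automate against a device inventory. The script below is an added example, not code from the original page or from Global Processing Systems; the vendor names, default credentials, device inventory, dates and the 12-character/three-class password policy are all constructed or assumed for illustration and are not real product defaults. It flags accounts still on a vendor default, accounts with weak passwords, passwords shared across devices, and credentials that have not been rotated since the last contractor service visit.

```python
"""Added example: audit a small POS/network account inventory for the
controls PCI DSS Requirements 2 and 8 describe. All data below is constructed."""
from dataclasses import dataclass
from datetime import date

# Constructed vendor-default table: vendor -> {(username, password)}.
# Hypothetical values; a real audit would load a maintained default-credential list.
KNOWN_VENDOR_DEFAULTS = {
    "acme-pos": {("admin", "admin"), ("service", "1234")},
    "widget-router": {("admin", "password"), ("root", "changeme")},
}

# Policy assumptions for this example (PCI DSS v4.0 sets 12 characters as the minimum).
MIN_LENGTH = 12
MIN_CLASSES = 3  # of: lowercase, uppercase, digit, symbol


@dataclass
class Account:
    device: str
    vendor: str
    username: str
    password: str        # plaintext only to keep the example self-contained;
                         # in practice compare hashes or attempt a login with the default
    last_changed: date   # when the password was last rotated
    last_serviced: date  # most recent vendor/contractor visit to the device


def is_vendor_default(acct: Account) -> bool:
    """True if the account still uses a known vendor-supplied credential."""
    return (acct.username, acct.password) in KNOWN_VENDOR_DEFAULTS.get(acct.vendor, set())


def is_weak(password: str) -> bool:
    """True if the password misses the length or character-class policy."""
    classes = sum([
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ])
    return len(password) < MIN_LENGTH or classes < MIN_CLASSES


def audit(accounts: list[Account]) -> list[tuple[str, str, str]]:
    """Return (device, username, reason) findings for every policy violation."""
    findings = []
    by_password: dict[str, list[str]] = {}
    for a in accounts:
        if is_vendor_default(a):
            findings.append((a.device, a.username, "vendor default credential"))
        elif is_weak(a.password):
            findings.append((a.device, a.username, "weak password"))
        # A contractor visit after the last rotation means the credential may have
        # been reset, shared or written down; treat it as needing rotation.
        if a.last_changed <= a.last_serviced:
            findings.append((a.device, a.username, "not rotated since last contractor service"))
        by_password.setdefault(a.password, []).append(f"{a.device}/{a.username}")
    for users in by_password.values():
        if len(users) > 1:
            findings.append(("*", ",".join(users), "password shared across accounts"))
    return findings


# Constructed inventory: four accounts with deliberately mixed hygiene.
SAMPLE_INVENTORY = [
    Account("pos-01", "acme-pos", "admin", "admin", date(2023, 1, 10), date(2023, 3, 1)),
    Account("pos-02", "acme-pos", "admin", "Summer2023!", date(2023, 6, 1), date(2023, 3, 1)),
    Account("rtr-01", "widget-router", "admin", "Tq7#mVz9pL2wRx", date(2023, 6, 5), date(2023, 3, 1)),
    Account("pos-03", "acme-pos", "admin", "Tq7#mVz9pL2wRx", date(2023, 6, 5), date(2023, 6, 10)),
]


def run_sample() -> list[tuple[str, str, str]]:
    """Audit the constructed inventory; returns five findings."""
    return audit(SAMPLE_INVENTORY)


if __name__ == "__main__":
    for device, user, reason in run_sample():
        print(f"{device:8} {user:24} {reason}")
```

The "shared password" check matters because a default or weak password fixed on one terminal often survives unchanged on its siblings that were installed at the same time; checking the inventory as a whole rather than device by device catches that.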
Currently most laws involving credit card fraud and data breaches are aimed at the criminals who conduct the breaches and obtain the card data. However, state attorneys general have investigated and filed many lawsuits against companies found to be non-compliant at the time a breach occurred. The only way the card associations can enforce the security standards is to penalize companies that do not comply or that continue to jeopardize cardholder data.
In short, the Payment Card Industry Data Security Standard (PCI DSS) applies to any organization or merchant that accepts, transmits or stores cardholder data. The PCI DSS was first published in December 2004 by the major card brands; since 2006 it has been maintained by the PCI Security Standards Council (SSC), founded by American Express, Discover, JCB, MasterCard and Visa. Each card association also stipulates that its own program rules must be followed in addition to the PCI DSS to be fully compliant. To be deemed PCI compliant you have to meet the technical requirements of the PCI DSS and validate that each year, through a Self-Assessment Questionnaire (SAQ) for most small merchants or, at higher transaction volumes, a Report on Compliance (ROC) prepared by a Qualified Security Assessor.
At Global Processing Systems, our friendly staff is available to help you become and remain PCI compliant. We have partnered with several independent PCI compliance specialists who help all of our merchants meet these criteria in an easy to understand manner. Our PCI compliance partners will walk you through the steps necessary to earn, and maintain, your PCI compliant status, and for most merchants the process takes only a short time.