
Answering Questions about PCI Compliance (Part 2)

November 14, 2011

[Note: This is the second part of this topic. Please read the previous post for context]

As we saw in our last post, most businesses still don’t understand PCI Compliance.  In fact, two research studies—one in the United States and another in the United Kingdom—have confirmed that fact.  To help, we are seeking to provide some simple answers to the questions of PCI Compliance.

Is PCI Compliance required?  The Standards were originally presented as recommendations, but they are now mandatory.  If you process credit and/or debit cards, you are required to be compliant.

Since we’re a small business, do we have to comply?  Many think PCI Compliance only applies to large companies.  Some believe it has to do with the number of credit card transactions.  But the PCI Compliance standards apply to every organization that accepts or processes credit or debit card information, including merchants and third-party service providers.  It’s not about the number of customers or the number of transactions.

What are the risks (or consequences) of non-compliance?  The standards’ layered security measures provide extra protection against theft and fraud for merchants and their customers.  Businesses that experience a data breach could be subject to fines ranging from $10,000 to $500,000.  For most small- to medium-sized businesses, the expenses incurred by a non-compliance violation could cause closure.

In addition, a data breach could mean costly lawsuits, extensive audits and lengthy investigations.  There is also the possible loss of credit card acceptance privileges.  Any of these outcomes could critically damage your reputation.  Can you put a price on your good name?

How do I know if my business is PCI Compliant?  Businesses who sign with Summit for their debit and credit card processing services are automatically enrolled in the PCI Smart program, which identifies a business’ compliance requirements, assists in selecting the correct self-assessment questionnaire and schedules any needed network scans.  PCI Smart will also help business owners develop best practices and procedures for long-term data security, as well as provide ongoing tools, tutorials and education.  Once the business has successfully completed the required processes, PCI Smart will provide the necessary validation documentation. 

Do you have questions about PCI Compliance that we didn’t cover?  

Post them here.  We welcome your thoughts, comments, insights or questions.
