About PCI Compliance

Monday, September 19, 2016 9:58 AM | Anonymous

You may have been assessed a $30 monthly penalty for failing to maintain a PCI Compliance Certificate with your credit card processor. That $30 fee is a fine initiated by the acquiring banks and back-end processors, who assess a penalty when your PCI Compliance Certificate is not kept up to date. It is very important for all merchants in the United States to remain PCI compliant in order to reduce fraud and data breaches. In 2006, an independent body was created by Amex, Visa, MasterCard, Discover and JCB to reduce credit card fraud caused by poor handling of credit card information by merchants and their employees. On a grand scale, think of Target and the breach of nearly 40 million credit card numbers from its internal computer servers. This should paint a clear picture of why the need for PCI compliance exists. If Target can suffer such a damaging breach, small and medium businesses across the U.S. are surely vulnerable to such breaches as well. Our goal is to help you protect your business and avoid being fined for non-compliance.

In the majority of merchant-related fraud cases, merchants were largely responsible for the leaks of credit card data, through improper handling of credit cards by employees or inadequate security barriers and protection on their servers. Merchants are provided card numbers, expiration dates and the three- or four-digit security codes. If written down, these become a license to steal for anyone who happens upon them. This is what makes PCI compliance so important to the credit card processing industry as well as to card issuers. PCI, in our own terms, is simply a "how-to guide" or rule book on the most secure methods to process credit cards. No matter what type of merchant you are, if you accept credit cards you are mandated to be PCI compliant. We liken this mandate to a liquor store holding a liquor license: there are certain rules and policies liquor store merchants must follow with respect to selling alcohol.

The proper acronym is PCI DSS, which stands for Payment Card Industry Data Security Standard. A simple Self-Assessment Questionnaire (SAQ) is completed by merchants on an annual basis and submitted to your processor to ensure that you are handling credit card numbers with care and that your computers cannot be hacked by an outside source. It is simply an annual review that reinforces and reexamines the way you do business with credit cards. This should be viewed not as a bad thing but as a good thing that helps protect your business. Just like an annual checkup with your doctor, the annual SAQ reviews the health and wellness of your data security.

As a merchant, you are responsible for safeguarding your clients' credit card information. Once a credit card number is entered into your computer system, it must be stored in an encrypted format so that employees are only able to see the last four or five digits of the card number and never have access to the entire number again.

Developing policies that prohibit your employees from transmitting credit card information by email or text message can further prevent data breaches from occurring.

Written by: 
Jeff Brodsly
CEO, Chosen Payments

© 2017 National Limousine Association
49 S. Maple Avenue, Marlton, NJ 08053
T 800-652-7007 | F 856-596-2145 | info@limo.org