Security is one of the primary concerns for most business owners today. If you’re a business owner yourself, you understand the importance of installing security cameras, alarms, and making sure your doors and windows are locked up at night.
At one point or another, you’ve probably worked with a security company to explore these options and more for your business. Your security company representative likely shared their professional opinions with you, and maybe some advice for how to keep your most valuable assets safe.
After working with a company like this, you probably feel pretty confident about how your security equipment works and what it does for your business. That’s great!
Now, how much do you know about securing payment processing equipment and cardholder data? If your instinct after reading that question is to furrow your brow or scratch your head, you’re in the right place.
As a payment processor, we’re kind of like a security consultant for your data. And today we’d like to share some professional advice with you. This post will tell you everything you need to know about maintaining compliant security standards for the safety of your business and your customers’ payment data.
Table of Contents
- About the PCI SSC
- Why is PCI Compliance Important?
- PCI Security Requirements
- How to Become Compliant
- Resources for Business Owners
About the PCI Security Standards Council
Did you know? If you accept credit card payments, you are required to achieve and maintain compliance with the PCI Security Standards Council (PCI SSC).
The PCI SSC is a global organization that maintains, evolves, and promotes Payment Card Industry standards for the safety of cardholder data across the globe. It was founded in 2006 by American Express, Discover, JCB International, Mastercard, and Visa Inc., who all share equally in the Council’s ownership, governance, and execution.
The organization serves those who work with and are associated with payment cards, including merchants, financial institutions, point of sale vendors, and hardware and software developers. The main priorities of the PCI SSC are to help merchants and financial institutions protect their payment systems from breaches and theft of cardholder data, and to help vendors understand and implement standards for creating secure payment solutions.
Why PCI Compliance is Important
So, what does all this mean for you as a business owner?
To put it plainly, you, your bank, and your payment processor all need to adhere to the payment security standards set by the Council. If you don’t follow these standards and continue to accept credit card payments, you face devastating potential liabilities such as:
- Diminished sales
- Fines and penalties
- Fraud losses
- Legal costs, settlements, and judgments
- Loss of customer confidence/trust
- Termination of your merchant account
No one wants to deal with headaches and heartbreaks like these. That’s why maintaining PCI compliance is essential! Without it, you could be putting your entire business and all of your customers at risk.
Let’s take a look at the specific standards you are required to follow to accept credit cards, and how to become PCI compliant.
PCI Security Requirements
The best way to secure cardholder data and avoid losses like the ones mentioned above is to continuously monitor and enforce the use of controls specified in the PCI Data Security Standard (PCI DSS).
Now you may be wondering, what does the PCI Data Security Standard specify?
You can find all the details you need in the PCI DSS Quick Reference Guide. Some of the subjects explored in this document include:
- PCI Data Security Standard
- PIN Transaction Security Requirements
- Payment Application Data Security Standard
- Point-to-Point Encryption Standard
- Card Production Logical Security Requirements and Physical Security Requirements
- Token Service Provider Security Requirements
Next, we’ll explore how your business can achieve and maintain PCI compliance.
How to Become PCI Compliant
As we mentioned before, the PCI Security Standards Council is equally owned and governed by major credit card brands American Express, Discover, Mastercard, Visa, and JCB International. This means that the individual card brands are responsible for validating and enforcing your compliance.
All brands have agreed to incorporate the PCI DSS (check out the quick reference guide here) as part of the technical requirements for their data security programs. However, they may have other requirements for you to follow. Click here for a full list of the card brands with links to their individual data security pages.
Once you have read and understand what is expected of your business from the card brands you accept and the PCI SSC, there is a three-step continuous process you must follow to become PCI compliant.
STEP ONE: ASSESS
Identify cardholder data, take an inventory of IT assets and business processes for payment card processing, and analyze them for vulnerabilities.
STEP TWO: REMEDIATE
Fix vulnerabilities and eliminate the storage of cardholder data unless absolutely necessary.
STEP THREE: REPORT
Compile and submit required reports to the appropriate acquiring bank and card brands.
Your payment processor should be able to help guide you through this process. And because the process of achieving and maintaining PCI compliance is always ongoing, your payment processor should also be there to help make sure your business does not fall out of compliance.
If your current processor is not offering the support you need, reach out to Electronic Merchant Systems! We have been a PCI-certified vendor for more than a decade and would be happy to help you achieve and maintain these important security standards.
PCI SSC Resources for Business Owners
To learn more about building a strong data security foundation for your business, check out these resources on the PCI Security Standards Council’s website.
We wish you luck on your quest for data security! If you’d like to partner with a payment processor to help you maintain PCI compliance while simultaneously streamlining operations and improving the customer experience, contact us using the button below!
Source: PCI SSC