PCI applies to ANY organization or merchant, regardless of size or number of transactions, that accepts, transmits or stores any cardholder data. Said another way, if any customer of that organization ever pays the merchant directly using a credit card or debit card, then the PCI DSS requirements apply.

About PCI Compliance

The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment; in practice, this means essentially any merchant that has a Merchant ID (MID). The PCI DSS is administered and managed by the PCI SSC (www.pcisecuritystandards.org), an independent body that was created by the major payment card brands (Visa, MasterCard, American Express, Discover and JCB). More information on the PCI DSS is available from the PCI SSC website.

Why PCI Compliance Matters to Your Business

Businesses that are found to be out of compliance with PCI may be subject to fines by the entity they use to process their credit card transactions. Businesses that have a data breach where credit card data is actually stolen will be subject to much larger fines and fees from the banks, card brands, etc., and are required to report the breach, which quickly makes the news and causes further reputational damage.

The payment brands may, at their discretion, fine an acquiring bank $5,000 to $100,000 per month for PCI compliance violations. The banks will most likely pass this fine on downstream until it eventually hits the merchant. Furthermore, the bank will also most likely either terminate your relationship or increase transaction fees. Penalties are not openly discussed nor widely publicized, but they can be catastrophic to a small business.

Considerations for a PCI Security Compliance Program

Security is a crucial part of PCI. The PCI Security Standards Council states, “Payment security is paramount for every merchant, financial institution or other entity that stores, processes or transmits cardholder data. Maintaining payment security is serious business. It is vital that every entity responsible for the security of cardholder data diligently follows the PCI Data Security Standards.”

The PCI Security Standards Council requires your business’s compliance program to include the following:

  1. Build and Maintain a Secure Network
  2. Protect Cardholder Data
  3. Maintain a Vulnerability Management Program
  4. Implement Strong Access Control Measures
  5. Regularly Monitor and Test Networks
  6. Maintain an Information Security Policy

Providing an independent assessor with audit-quality documentation of these steps and your security measures simplifies compliance audits.

PCI Compliance Videos

PCI Compliance

The Evolution of Payment Card Security

Home Depot Payment Card Breach

Protect Your Business From a Data Breach
