PCI applies to ANY organization or merchant, regardless of size or number of transactions, that accepts, transmits or stores any cardholder data. Said another way, if any customer of that organization ever pays the merchant directly using a credit card or debit card, then the PCI DSS requirements apply.
The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment; in practice, this means essentially any merchant that has a Merchant ID (MID). The PCI DSS is administered and managed by the PCI SSC (www.pcisecuritystandards.org), an independent body that was created by the major payment card brands (Visa, MasterCard, American Express, Discover and JCB). More information on the PCI DSS is available from the PCI SSC.
Businesses that are found to be out of compliance with PCI may be subject to fines by the entity they use to process their credit card transactions. Businesses that have a data breach where credit card data is actually stolen will be subject to much larger fines and fees from the banks, card brands, etc., and are required to report the breach, which quickly makes the news and causes further reputational damage.
The payment brands may, at their discretion, fine an acquiring bank $5,000 to $100,000 per month for PCI compliance violations. The banks will most likely pass this fine on downstream until it eventually reaches the merchant. Furthermore, the bank will also most likely either terminate your relationship or increase transaction fees. Penalties are not openly discussed nor widely publicized, but they can be catastrophic to a small business.
Security is a crucial part of PCI. The PCI Security Standards Council states, “Payment security is paramount for every merchant, financial institution or other entity that stores, processes or transmits cardholder data. Maintaining payment security is serious business. It is vital that every entity responsible for the security of cardholder data diligently follows the PCI Data Security Standards.”
The PCI Security Standards Council requires your business’s compliance program to include the following:
Providing an independent assessor with audit-quality documentation of these steps and your security measures simplifies compliance audits.