— March 12, 2019
When it comes to monetary transactions, you don’t want to just be honest and dependable. You need to go above and beyond to ensure security, transparency, and credibility. Credit card conversations cannot truly begin without talking about PCI compliance.
Yes, you also need to be thinking about security with SSL certificates. There’s American Disabilities Act (ADA) Compliance, 508 Compliance, Web Content Accessibility Guidelines (WCAG) 2.0 Compliance, and so many more that your business needs to consider. However, PCI compliance is an essential piece of the puzzle that needs to be there from the start.
Here’s what you need to know:
What is PCI Compliance?
The Payment Card Industry Data Security Standard (PCI DSS) ensures that businesses are completely secure in their processing, storing, and transmitting of customer credit card data. This data includes card numbers, expiration dates, and security codes, as well as the cardholder’s name, their address, and any authentication data within the magnetic strip or chip.
PCI DSS is administered by an independent group, the PCI Security Standards Council, created by a partnership between all of the major credit card companies, including Visa, MasterCard, American Express, Discover and JCB; however, the enforcement of PCI compliance is not up to this group. This group instead focuses on both defining and regularly updating the best security practices and also monitoring new threats as they arise.
Does PCI Compliance only matter for online stores?
Sellers are responsible for protecting the privacy of every card they interact with—no matter whether they are selling a service or a product, no matter whether they are online or in a brick-and-mortar shop. There are different levels of PCI Compliance, depending on the number of transactions handled, as well as multiple other factors, but just when you think that you might be off the hook, remember that even those who are not storing credit card information need to be PCI compliant.
Is having an SSL certificate enough?
A website with a Secure Sockets Layer (SSL) certificate has undergone the cryptographic protocol that adds the “s” to the “http” that precedes your website’s domain name—and it’s this “s” that denotes the additional security of a website.
However, when it comes to credit cards, an SSL certificate alone does not make a business PCI compliant. Data privacy is an ever-changing challenge online. While that SSL is an important first step, it isn’t everything you need to do.
What do you need to do to be PCI compliant?
The latest PCI Compliance rules are published by the PCI Security Standards Council, but in general, to be compliant means that after determining what level of compliance is needed for your specific business through a self-assessment questionnaire, you are following all of the guidelines set forth by your specific category.
Compliance can be achieved by a range of activities, including but not limited to:
- Establishing firm data security policies,
- Removing card information from your local computer system,
- Safeguarding cardholder data by implementing and maintaining a firewall,
- Encrypting cardholder data that is transmitted across public networks,
- Logging use of network resources and cardholder data access,
- Implementing and regularly updating anti-virus software, and
- Many, many more security protocols.
What happens if you are not PCI compliant?
Sizable fines can come from a lack of PCI compliance, as can the termination of your ability to process credit cards. But beyond that, when your business is not PCI compliant, that means it’s vulnerable to data leaks, which will not only hurt those who have trusted you with their information but will also incur further costs on your business, from legal fees to the damage done to your reputation.
In short, it’s best to avoid these what-if’s and to be smart with compliance from the start.
When it comes to data security, you need to be on your game. Sometimes, there are steps you can manage in-house, and sometimes, utilizing a partner is your business’s best bet to be as rock solid as you can be.