Whether you’re setting up a new merchant account or reviewing the one you already have, you need to understand the basics of PCI compliance.
This is not the most exciting topic in the world, but it has become a necessary part of accepting card payments electronically over the past couple of years.
As an account manager for hundreds of business owners I hear certain questions more than others, so here are the twelve I get asked most often.
TOP 12 QUESTIONS
- What is PCI DSS?
- Who does it apply to?
- How do you become compliant?
- What type of questions will be asked?
- Who manages the compliance survey?
- How often does the compliance survey have to be completed?
- Why is there a fee for becoming compliant?
- How is the compliance survey completed?
- What if I decide not to fill out the survey?
- PCI compliance is only for online businesses, right?
- How do I report my compliance to my payment processor?
- How do I find out if I’m compliant?
#1. What is PCI DSS?
The Payment Card Industry Data Security Standard (PCI DSS) is the set of security requirements, maintained by the PCI Security Standards Council and backed by the card brands, that every merchant who stores, processes or transmits cardholder data must meet in order to remain PCI compliant.
The standard itself is a list of twelve high-level requirements (firewalls, no vendor-default passwords, protecting stored cardholder data, encrypting card data sent over public networks, access control, logging, and so on). The questions you answer for your processor are the Self-Assessment Questionnaire (SAQ), which checks whether your business meets those requirements. The aim is to keep your customers’ card numbers from being compromised while they are accepted, transmitted and stored.
#2. Who does it apply to?
It applies to every business that accepts payment cards, which in practice means everyone with an active merchant account. Size and transaction volume do not decide whether PCI DSS applies to you; they decide how you validate compliance. Small merchants validate with the self-assessment questionnaire, while the highest-volume (level 1) merchants need an annual on-site assessment by a Qualified Security Assessor (QSA).
#3. How do you become compliant?
Compliance is validated by completing the Self-Assessment Questionnaire (SAQ) with a passing result. Most providers offer it as an online survey.
The SAQ is a list of yes/no questions, with the occasional explanation entry required depending on how a question is answered. Which version of the SAQ you get depends on how you accept cards: a merchant whose online checkout is fully outsourced to a hosted payment page answers far fewer questions than one that runs its own payment software.
#4. What type of questions will be asked?
The questions are all about how your business accepts credit/debit card transactions: the methods you use to process your customers’ cards, and whether cardholder data is stored on your own company servers, POS equipment or paper filing system. Two points the questionnaire presses hardest on: the full card number (PAN) must be rendered unreadable wherever it is stored (truncated, tokenized, hashed or encrypted), and sensitive authentication data (the full magnetic stripe or chip data, the CVV2/CVC2 security code, and PIN blocks) must never be stored after authorization, even in encrypted form.
Most point of sale equipment, whether online, software or a stand-alone terminal, is built to support compliance: it encrypts cardholder data in transit and sends it for approval at the time of sale without keeping a copy. Using validated equipment does not make you compliant by itself; it reduces the number of questions that apply to you, and you remain responsible for everything around it (the network it sits on, passwords, who has physical access to the terminal).
#5. Who manages the compliance survey?
The survey is administered by a third-party vendor, but responsibility for compliance stays with you as the merchant. Most merchant account providers are partnered with a PCI provider that hosts the SAQ portal and, where required, runs the external vulnerability scans.
Companies like Trustwave.com are recognized authorities in payment processing security. Partnerships between merchant account providers and PCI providers exist for the benefit of you and your customers.
The PCI Security Standards Council publishes the official lists of approved assessors (QSAs) and scanning vendors (ASVs) on its website.
#6. How often does the compliance survey have to be completed?
You will be required to complete the SAQ once per year. If your environment includes internet-facing systems that touch card data (for example your own e-commerce site or payment software rather than a fully hosted checkout), you also need external vulnerability scans by an Approved Scanning Vendor (ASV) every quarter, and a passing scan is part of the annual attestation.
With that, remember that compliance is an ongoing measure, not a once-a-year form. It is your responsibility as the merchant account holder to ensure that your organization keeps following the PCI DSS requirements between questionnaires.
#7. Why is there a fee for becoming compliant?
The fee compensates the third-party provider for administering the questionnaire and any scans. Since the survey is offered by third-party providers, the merchant account providers simply pass the fee along to you.
#8. How is the compliance survey completed?
Most providers offer the SAQ as an online survey.
The questions are mostly yes/no, and once the survey is submitted you receive a verification of completion and a pass/fail decision.
Only if the survey is completed with a passing score does the PCI compliance provider (Trustwave.com, for example) forward your Attestation of Compliance (usually presented as a certificate) to the merchant account provider on your behalf, where it is logged for a period of one year. A “no” on a required question is a fail, not a partial pass, so fix the underlying gap before answering rather than answering “yes” to get through the form: the attestation is a signed statement your business is standing behind.
#9. What if I decide not to fill out the survey?
If you don’t fill out the survey, it’s likely that an additional non-compliance fee will be charged to your account. These fees usually range from $14.99 to $24.95 per month.
In addition to incurring unnecessary fees, keep in mind the following potential consequences:
- Risk of losing merchant account privileges
- Fines and assessments from the card brands after a breach, passed through to you by your acquirer
- Lawsuits from victims of fraud as a result of a data breach
- Loss of business after word spreads that your business suffered a data breach because it failed to comply with PCI DSS
#10. PCI compliance is only for online businesses, right?
This is a common misconception. PCI DSS applies to every business that accepts cards through a merchant account provider, whether in store, by phone or mail, or online. What changes is which questionnaire you fill out: a shop that swipes or dips cards on a stand-alone terminal gets a short SAQ, while a business running its own payment software gets the long one.
All businesses need to complete the questionnaire in pursuit of an Attestation of Compliance.
#11. How do I report my compliance to my payment processor?
Once the compliance questionnaire is complete with a passing score, the result (your Attestation of Compliance) is forwarded automatically to your payment processor.
Most providers also let you print a copy of the certificate to display in your office or place of business. Keep your own copy of the completed questionnaire and attestation as well; you will want the date and your answers when next year’s questionnaire comes round, or if your processor asks for them after an incident.
#12. How do I find out if I’m compliant?
If you are unsure whether your business is PCI compliant right now, simply contact your merchant services provider. Any reputable provider will send notifications and reminders if you are NOT compliant, but it always pays to be sure, and to check the expiry date on your last attestation rather than assuming it is still current.
In the end
PCI compliance certification is here to stay. The way compliance is measured may change over the course of time, but compliance itself is a must.
If you have any questions that you would like to add to this list, please leave a comment below.