What is PCI DSS and Why Should You Care?
Does your organization accept credit cards for payment? If so, you should become familiar with PCI DSS.
What is PCI DSS?
Payment Card Industry Data Security Standard (PCI DSS) is a set of global security standards that any organization handling credit card payments should understand and comply with. PCI DSS defines the policies and procedures that organizations must follow when accepting, processing, storing or transmitting credit card information.
Why should I be concerned about PCI DSS?
Organizations found to be out of compliance with PCI DSS may be subject to significant fines and penalties, possibly including losing the ability to accept credit card payments. Fines for noncompliance vary at the discretion of the card brands (e.g. Visa, MasterCard and AMEX) and acquiring banks, and can range from $5,000 to $100,000 per month for the merchant. These penalties could be catastrophic to a business.
What do I have to do to satisfy PCI DSS requirements?
Most small- to medium-sized businesses are classified as Level 4 merchants, meaning they process fewer than 20,000 Visa e-commerce transactions per year. As a Level 4 merchant, you will need to complete a Self-Assessment Questionnaire (SAQ) to validate compliance. The SAQ you choose is determined by the method by which you process credit cards; for example, you may accept card payments via shopping carts on websites, POS terminals or virtual terminals. Which questionnaire to use can be determined by referencing this chart.
Upon completing the questionnaire, you may also be required to pass a vulnerability scan with a PCI-approved scanning vendor, and submit proof of compliance to your credit card processor.
Benefits of PCI Compliance
The benefits of being compliant with PCI DSS include demonstrating that you are protecting your customers’ or members’ personal information, and reducing risk by protecting your organization’s reputation and bottom line.
A single credit card security breach could result in massive damage to your reputation and brand, significant financial penalties, and lost sales. If you accept credit card payments, learn how your organization can help to mitigate these risks by becoming compliant with PCI DSS.
Find out more about minimizing the risk and cost of accepting credit cards – call me and we can have a conversation. We can also talk about improving operating efficiency, reducing costs and strengthening your organization. Reach me at 613-727-1230 ext. 212 or firstname.lastname@example.org
Richard MacNeill, FCPA, FCMA, CMC, Dipl. T. is a partner at OTUS Group, a team of advisors to business, government and not-for-profit organizations.