If you're a business owner, you've probably come across the phrase “PCI Compliance.” My clients are frequently asking about PCI Compliance – what it is and why it's important to them.
The acronym stands for Payment Card Industry, and it refers to the security standards that major companies in the payment card industry (Visa, MasterCard, AmEx, and Discover) have agreed upon.
PCI security standards primarily address the protection of cardholder data.
Among other things, they prohibit the harvesting of information like PIN numbers from credit card terminals, and they ensure that point-of-sale systems don't retain the data embedded in the magnetic strip of a credit card, which can be used to clone cards. Since credit card fraud is $190 billion last year, and increasing each year, remaining compliant is an ongoing process.
The annual compliance test is designed to help merchants ensure that they are actively engaged in protecting themselves and their customers from fraud.
Adhering to the 12 principles of PCI Compliance can help keep your business from the embarrassment of a big data breach like this one (link to recent news article).
In addition to damaging the reputation of your business, there can be financial consequences to noncompliance. Fees are levied by the major card companies, and the Federal Trade Commission could require up to 20 years of audits.
Bob Russo, the general manager of the PCI Security Standards Council, believes that the biggest challenge for the industry is education: Some of the smaller merchants that just come into the business don't really know what their responsibilities are with regard to handling credit cards.”
I consider it part of my job to stay educated in the payment industry, and I pride myself on being an educational resource for my clients. Click here for more information about credit card fraud and PCI compliance.