PCI DSS stands for Payment Card Industry Data Security Standard. It is a set of 12 requirements pertaining to credit and debit card security. All businesses (small and large merchants) that handle credit or debit card payments must comply with these standards. They provide best-practice guidelines that establish a “minimum security standard” for the handling of credit card data. The independent PCI Security Standards Council (PCI SSC) applies PCI DSS to any business that accepts cards from one or more of the big five credit card providers: American Express, Discover Financial Services, Visa, MasterCard, and JCB International.
Why You Need to Become PCI Compliant
No matter what the size of your company, if you are a merchant that accepts payment cards, you are required to be compliant with the PCI Data Security Standard. Your business needs to be PCI compliant for your own safety and the safety of your clients.
When your order management software becomes PCI compliant, you’ll be at less risk of security breaches by hackers who try to steal credit card information. You’ll also reduce your risk of increased transaction fees, card replacement costs, audits, and being cut off from your merchant service provider. Small business owners, especially those who run a business from their home, may think they aren’t at risk and don’t need to become PCI compliant. But these are the business owners most likely to lose the most if their system is hacked – and the ones most likely to be targeted by hackers.
Making your existing order management software PCI compliant or investing in new order management software that is already compliant will help protect your business from hacker attacks, and protect the card data your customers trust you with every time they use their cards to buy something from your business.
Consequences of Not Becoming PCI Compliant
If your business isn’t PCI compliant, you run the risk of a security breach that can result in the loss of your customers’ personal credit card information. If a breach does occur at a non-compliant business, the company can face card replacement costs, expensive forensic audits, and damage to its reputation. The credit card processor and issuing bank can also be fined up to $500,000 for the breach, which could lead to an increase in your transaction fees or a termination of your contract. That could prevent you from taking credit card transactions at all. In today’s technology-driven world, where more and more people rely on their credit and debit cards, this can completely destroy a business’s reputation.
How to Become and Remain PCI Compliant
To learn how to become compliant, you can refer to the PCI SSC website (PCI Security Standards Council). In a nutshell, you must:
- Assess your credit card processing vulnerabilities
- Address these vulnerabilities
- Submit validation records and compliance reports to the acquiring bank and card brands you do business with.
Once you are PCI compliant, you will be responsible for maintaining a secure system. This means you must:
- Have quarterly scans conducted by a PCI Approved Scanning Vendor, who then submits the results to your merchant service provider.
- Perform an annual PCI Self Assessment Questionnaire
- Keep your antivirus software up to date and run it frequently to help protect your system from viruses, Trojans, and other malware.
- Store only the customer data you need, and keep your order management software up to date.
Data Management Associates in Cincinnati, OH, develops order management software that is already PCI compliant and PA-DSS V2 Certified. This means that DMA is certified to install new PCI compliant software at its clients’ sites. This can save your business money because PCI Qualified Security Assessors, or auditors, will not have to inspect that aspect of your business.
While technology has opened many new doors for small multichannel retailers, business owners also need to be aware that there are people dedicated to hacking into a business’s systems to gather credit and debit card information. Making your business and your order management software PCI compliant will help protect your business from losing data, money, and reputation.