Your customers trust you to keep their credit card details safe. Breach this trust by allowing their card details to be stolen, and you face lost reputation and sales, government fines, and even lawsuits. Scary, isn’t it? But it needn’t be.
The best safeguard against these risks is compliance with PCI DSS — the Payment Card Industry Data Security Standard. Here’s a simple rundown on what it is, how to get it — and why compliance is a must if your business takes credit card payments.
What is PCI compliance?
In 2000, online revenue lost to fraud totalled $1.5 billion. The major players in the credit card market (VISA, MasterCard and American Express) understandably wanted a way to reduce losses and ensure customers could safely shop online. PCI DSS is what they came up with. When you read that a business (such as IntegraPay) has “PCI compliance”, it means that an independent auditor has assessed its compliance with this standard and issued a compliance certificate. You can see IntegraPay’s PCI certificate here.
In a nutshell, a valid PCI Compliance certificate provides assurance about:
1. Network security: The network receiving the credit card data is secure against attacks
2. Maintenance: All security systems are kept current, with up-to-date firewalls, antivirus, and ongoing security maintenance
3. Access control: All card data is encrypted, and only accessed on a need-to-know basis
4. Monitoring: Data security is monitored 24/7
Of course, security isn’t free. Meeting the standard requires both money and expertise, so some smaller businesses question whether they really need PCI compliance. They most definitely do.
The risks of trading without PCI compliance
The first, obvious risk is that your customers’ credit card details will be stolen, either intercepted during the payment or taken from your systems afterwards. The direct consequence is lost business reputation and sales. Even if you then fix the problem, negative reviews and word-of-mouth will remain to warn off future customers. Credit card theft is a big deal, and your business will be irrevocably tarnished.
Furthermore, there is a real possibility you’ll be fined by your country’s financial regulator, and be liable in a lawsuit brought by the customer, the credit card company, or their insurers. A lawsuit will sink any small business.
PCI compliance needn’t cost a fortune
The good news, however, is that even a small business can achieve PCI compliance within budget. Instead of shouldering all of the burden yourself, you can use an audited, PCI Level 1 payments processor to assist you. IntegraPay has numerous processes and functions to help your business software become PCI compliant.
Here are some simple rules your business can follow to improve security:
- Use strong passwords and change default ones
- Protect your card data and only store what you need
- Inspect payment terminals for tampering
- Install patches from your vendors
- Use trusted business partners and know how to contact them
- Protect in-house access to your card data
- Don’t give hackers easy access to your systems
- Use anti-virus software
- Scan for vulnerabilities and fix issues
- Use secure payment terminals and solutions
- Protect your business from the Internet
- For the best protection, make your data useless to criminals
You can get some really helpful hints from PCI here. So, is your payment processor PCI compliant? Are you?
Get in touch with our payments experts and we’ll demonstrate how easily your business can have PCI compliant payments processing.