Many business owners don't understand PCI Compliance.
Nor do they understand how important maintaining PCI Compliance is for their business. Unfortunately, they often have the mistaken belief that PCI Compliance is voluntary. For merchants, PCI Compliance means adhering to specific security standards set by the Payment Card Industry (PCI). This set of security standards is referred to as the PCI Data Security Standard, or PCI-DSS.
Security standards are a must. They help to protect customers' card data and private information. Utilizing multiple layers of security makes it more difficult for hackers to gain access to customers' sensitive data. Every business that accepts credit card payments is required to follow best practices for secure transactions.
But it is not enough to implement the security measures for safe transactions. Merchants must also prove they are complying with the security standards. That proof is their PCI Compliance.
PCI Compliance is the merchant's proof of upholding data security standards.
While both brick-and-mortar and e-Commerce merchants must demonstrate PCI Compliance, their requirements differ. As part of their compliance, physical store owners must fill out an annual Self Assessment Questionnaire (SAQ). On the other hand, e-Commerce merchants must perform a "vulnerability" scan every quarter to provide an in-depth survey of their entire security environment. A company certified by the processor as a PCI SSC Approved Scanning Vendor must perform the scan.
Neglecting these tasks is generally how merchants end up falling out of compliance. As a result, their acquiring bank will charge them a fee for non-compliance. A lot of merchants feel that the non-compliance fee is just a convenient way for processors to make extra money. They think processors use it as an expensive reminder for merchants to do their due diligence. This is far from the case. Besides the fact that security measures are a must for customers' safety, they help protect the business from fraud. And fraud is extremely costly.
Remain compliant and avoid PCI Non-Compliance Fees.
In the event of a data breach, the card networks will fine the processor for a lack of compliance on the merchant's part. Processors must be sure their merchants maintain a secure network, take steps to protect cardholder information and implement strong access control measures. Therefore, charging a fee for PCI Non-Compliance is a way for the processor to avoid a fine themselves.
The Self Assessment Questionnaire is simply a request for standard identifying information about the business. For example, it asks for the type of business, all business locations accepting card payments, and the kind of payments accepted.
Since the Self Assessment Questionnaire (SAQ) is where most merchants fall into the trap of non-compliance, merchant service providers need to help remind their merchants. But it's also important for merchants to stay proactive and do what's necessary to ensure they take the security of their transactions seriously. Since this assessment is an annual requirement, merchants can easily create a calendar reminder to complete it on time each year.
How do we help our merchants become and remain PCI Compliant?
How does Bankcard International Group provide merchants with support and guidance where PCI Compliance is concerned?
Our goal is to help our merchants affordably accept credit card payments while maintaining the highest level of security. For retail merchants, the majority of security measures, and therefore compliance, is built into their secure payment processing solution. Therefore, it is just a matter of proving your compliance.
eCommerce merchants get hit with performing their compliance every quarter. Then again, the eCommerce environment carries a greater risk of fraud than retail. Of course, there are additional costs that come with completing the scan every quarter. But that cost also buys you the added security and protection from a breach that comes with knowing your vulnerabilities and having the ability to take action and fix them. More importantly, it also helps to protect the merchant in the event of a breach.
When it comes time to complete the questionnaire or scan, we always send our merchants an email reminder. Monthly statements will also include notifications reminding them that compliance is due. If we receive notice that a merchant has failed to complete their SAQ, and has therefore become non-compliant, we'll then call and urge them to become compliant.
We will also assist our eCommerce merchants in communicating with their scanning vendor to make it as seamless as possible to set up their quarterly scan schedule. Once the vendor has completed a detailed review of the merchant's card data environment, they will provide the merchant with a "Report on Compliance" (RoC). The merchant then sends their report to PCI DSS as proof of PCI Compliance.
It's easy to complete your PCI Compliance!
PCI Compliance should be viewed as an ongoing process that will morph as technology advances and fraud adapts. Protecting sensitive data from fraudsters not only protects your customers, but it also protects your business. Strict security measures help you maintain your reputation and brand, as well as protect your business from expensive lawsuits, insurance claims, and fines.
Let us assure you that Bankcard International Group will never use compliance fees as a revenue center. Any Non-Compliance fee is initiated by the acquiring bank (or their certified assessor) that holds the merchant account. The processor simply passes this fee through to the merchant.
In the event you ever find you've been charged a Non-Compliance Fee, I urge you to give us a call right away. Our ETA-Certified Payments Professionals can answer any questions and advise you on the steps to become compliant quickly and as painlessly as possible. Most likely, it is just that you haven't filled out your questionnaire!
Discover why we are the industry's leading High Risk merchant account provider.