This graphic explains what PCI compliance is, which is required for all companies that accept credit card transactions, and outlines the PCI compliance process.
PCI COMPLIANCE
WHAT IS PCI COMPLIANCE & WHY IS IT IMPORTANT?
PCI (Payment Card Industry) compliance requires following mandatory guidelines governing how credit and debit card information is captured, processed and stored. These rules exist to reduce fraud. Whether you’re a business or a nonprofit, becoming PCI-compliant is essential if your organization handles credit cards. Below, we outline why compliance matters, its benefits, and how you can protect yourself.
PCI COMPLIANCE AT A GLANCE
YOU MUST BECOME PCI-COMPLIANT IF …
Your organization accepts, transmits or stores card payment data, including:
• Account numbers
• Cardholder names
• Expiration dates
• Card verification values (CVVs)
Businesses of any size must safeguard any credit card information that enters their organization.
WHY PCI COMPLIANCE IS REQUIRED
PCI compliance makes it harder for thieves to access sensitive card data — both during the transaction and afterward. These security guidelines help protect card information whenever it is:
• Accepted — whether at a POS terminal or in an e-commerce shopping cart.
• Transmitted — whether wirelessly, by phone or over the Internet.
• Stored — whether digitally or as paper-based files.
Noncompliance results in hefty fees from the major card brands. Penalties can range from $5,000 per month to $100,000 per month.
PCI compliance offers several important advantages. As a merchant, compliance benefits you by:
1. SAVING YOU TIME AND MONEY
Reduce the risk of having to cover fraudulent losses out of pocket. Card brands will charge your business fees after a data breach, and there are additional expenses associated with the forensic investigation that follows a breach. It can take months to undo the damage, and you might spend a fortune in legal fees. Even if a breach never occurs, you may be charged monthly fees if your business is not PCI-compliant.
2. ATTRACTING MORE BUSINESS
Just one data breach can scare business away. By providing a safer shopping experience, you increase customer confidence in your organization.
Your customers benefit, too. Remember that they also have to spend time and money reversing unauthorized charges.
2 STEPS TO PCI COMPLIANCE
But how do you become compliant?
STEP 1: COMPLETE THE SELF-ASSESSMENT QUESTIONNAIRE (SAQ)
Fill out the SAQ to determine whether there is anything else you need to do to be compliant, and to see whether you are eligible to have a monthly scan of your systems performed. The SAQ identifies your deficiencies: you are looking for potential vulnerabilities that criminals could exploit.
STEP 2: WORK WITH A QUALITY SECURITY ASSESSOR (QSA) AND APPROVED SCANNING VENDOR (ASV) TO FIX VULNERABILITIES
Take the results from the SAQ and fix the gaps or vulnerabilities. QSAs and ASVs will help you do this and will suggest ways to secure your business in the future. Because fraud strategies continue to evolve, you must submit these assessment reports annually.
PCI COMPLIANCE IS ONLY THE BEGINNING
Compliance rules are updated frequently, but fraud strategies sometimes evolve even faster. Additional security tools are available to safeguard your customers’ data, including:
1. POINT-TO-POINT ENCRYPTION (P2PE)
This security feature encrypts sensitive card data at the payment terminal before that information is sent over public networks. Only the payment processor on the receiving end can decrypt the data and authorize the transaction.
2. TOKENIZATION
Sensitive card data is replaced with a one-time token that can be used only for that particular transaction. Even if a thief gets their hands on that token, it is worthless.
3. HOSTED PAYMENT FORMS
A hosted payment form is a checkout page that you install on your e-commerce store. It looks like the rest of your site, but the payment page itself is hosted on secure servers by your payments provider. Because you are not hosting the page, your customers’ sensitive payment data never enters your web server. By using this service, you reduce your PCI scope for all online transactions.
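The single-use tokenization described under item 2, as an added Python example that is not part of the infographic or of any BluePay product: a constructed processor-side vault (the hypothetical ProcessorVault and VaultEntry) issues a random token bound to one transaction and amount, keeps the full card number only on the processor side, and refuses any replay or use for a different purchase. The Luhn check at issuance is an assumption added here, not something the infographic mentions.

```python
import secrets
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class VaultEntry:
    pan: str            # full card number, kept only on the processor side
    txn_id: str         # the one transaction this token is bound to
    amount_cents: int
    used: bool = False  # flipped on first authorization


def luhn_valid(pan: str) -> bool:
    """Reject malformed card numbers before they are vaulted (Luhn mod-10 check)."""
    if not pan.isdigit() or len(pan) < 13:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


class ProcessorVault:
    """Constructed stand-in for the payment processor's token vault."""

    def __init__(self) -> None:
        self._entries: Dict[str, VaultEntry] = {}

    def issue_token(self, pan: str, txn_id: str, amount_cents: int) -> str:
        """Swap the PAN for a random token; the merchant stores only the token."""
        if not luhn_valid(pan):
            raise ValueError("invalid PAN")
        token = secrets.token_urlsafe(24)  # random; carries no PAN information
        self._entries[token] = VaultEntry(pan, txn_id, amount_cents)
        return token

    def authorize(self, token: str, txn_id: str, amount_cents: int) -> Optional[str]:
        """Return an auth reference showing only the last four digits, or None."""
        entry = self._entries.get(token)
        if entry is None or entry.used:
            return None  # unknown token, or one that was already spent
        if entry.txn_id != txn_id or entry.amount_cents != amount_cents:
            return None  # token is bound to a different purchase
        entry.used = True  # single use: a replayed token is refused
        return f"AUTH-{txn_id}-****{entry.pan[-4:]}"
```

The merchant's records end up holding the token and the auth reference, so a copy of either is useless for a second charge or for recovering the card number.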
Becoming PCI-compliant isn’t just important. It’s mandatory. Failing to meet this minimum threshold means you risk paying huge fines and out-of-pocket losses.
Although the requirements sound difficult, partnering with a quality payment processor with PCI programs will help walk you through the requirements and make the process a whole lot easier.
HAVE MORE QUESTIONS ABOUT PCI COMPLIANCE?
To learn more, visit www.bluepay.com today.
Brought to you by www.bluepay.com