In today’s world of digital technology, online payments and a distinct lack of paper trails, many people are concerned about identity theft. With so many credit card payments going through the internet every day, companies are now taking bigger steps to protect their customers.
The PCI DSS was formed as a way to make sure that merchants are protecting people’s credit card information. Check out below for information on how small and medium businesses need to conform to the PCI DSS set of standards.
How it works
The PCI SSC, which stands for “Payment Card Industry Security Standards Council”, was formed by five major credit card companies as a way to have a separate entity keep an eye on the development of the standards and compliance requirements that are part of the standard operating procedure for companies wishing to accept credit cards as a form of payment. This guarantees a rigorous method of security when it comes to making payments online.
Even though the businesses are accountable to the credit card company and the financial institution handling the funds, it is the PCI SSC that is in charge of identifying possible technological threats and assessing any weaknesses there may be, so as to further refine the process and keep a high level of security at all times.
Are businesses mandatorily compliant with PCI DSS?
Short answer is yes. If you are a business or part of an institution that wishes to accept payment and store credit card information, it is mandatory that you comply with the standards of PCI DSS.
If you are going to apply and meet the standards set in place, then you must go through a series of steps including a variety of questionnaires and a vulnerability scan, and you must provide information about your business so it can be determined what level of merchant you are.
Here is a list of the levels and how you will be classified. Information from dharmamerchantservices.com.
- Level 1—Any merchant which processes over 6 million Visa transactions per year, regardless of acceptance channel (in-person, mail, telephone, or e-Commerce), or any entity that Visa determines should be categorized as Level 1 to minimize risk to the Visa system.
- Level 2—Any merchant which processes 1 million to 6 million Visa transactions per year, regardless of acceptance channel.
- Level 3—Any merchant which processes 20,000 to 1 million Visa e-Commerce transactions per year.
- Level 4—Any merchant which processes fewer than 20,000 Visa e-Commerce transactions per year, and all other merchants processing up to 1 million Visa transactions per year, regardless of acceptance channel.
If you have passed inspection and are approved, you will want to stay compliant, or there can be big consequences to the tune of $5,000 up to $100,000 each month. This is actually charged to the acquiring bank, which will in turn pass the cost over to you. After that, it may well be the case that the bank does not do business with you anymore or just dramatically increases the cost of your fees.
PCI DSS is not law but more of a business agreement: if you do not comply you do not go to jail, but you are the recipient of numerous costly fines and fees for non-compliance.
If you are thinking of starting a business that accepts more than cash, be sure to fully review all the ins and outs of being compliant. The various rules and regulations regarding credit card payments are very strict, as we have seen, so when first starting out make sure you understand all the paperwork concerned. It will save you a lot of time and money in the long run.