PCI DSS Compliance


Organizations that process credit card payments are subject to fraud, hacking and many other security threats and vulnerabilities. Any company that processes, stores, or transmits credit card numbers must be PCI Compliant or else risks losing its rights and abilities to process credit card payments of any type. Merchants are required to validate compliance via audits by PCI DSS Qualified Security Assessment (QSA) Companies.

PCI DSS, which stands for Payment Card Industry Data Security Standard was developed by major credit card companies to protect themselves, their clients, and the businesses and organizations that use their cards.

PCI DSS began, originally, as five separate programs operating individually through MasterCard, Visa, American Express, Discover, and JCB to protect data security and to create an additional level of protection for customers by ensuring that merchants meet minimum security levels when they process, store, and transmit cardholder data.

The Payment Card Industry Security Standards Council was formed in 2004 when these companies aligned their individual policies and created the Payment Card Industry Data Security Standard. PCI is considered to be one of the more comprehensive standards of data security. It is regarded as being relatively more prescriptive than other similar laws.

PCI Compliance Requirements in Small Business

PCI Compliance is a necessary requirement for all businesses that use credit card machines or process and store credit care information of any sort. This can be quite difficult for many small to medium size business due to the time, money and technical aspects involved. In house efforts for small businesses to become PCI compliant can take up to 18 months and cost upwards of $40,000. Furthermore, hardware and software upgrades could add additional thousands of dollars in order to maintain a safe and secure set of processes.

PCI DSS compliance addresses two crucial components: safe storage and protected payments. Any business that stores or processes any credit card information is required to safely store any and all information it gathers. Remote storage solutions are ideal because they ensure that credit card information is stored separately from other financial information that could be compromised.

Another important factor in PCI DSS compliance is a company’s ability to securely send and receive credit card information online and via the phone. When collecting information online, it would be ideal for the customer to remain on a business’s secure website and not redirected to an external site. This could compromise information and cause a major security risk.

Updating a small business’ systems to comply with PCI DSS regulations can be quite expensive and tiresome; there are alternatives for small to medium sized businesses however.

There are companies available that are PCI DSS experts, and provide PCI compliance solutions for companies around the country. Generally speaking, these companies can get a company within the ranks of PCI compliance within 30 days for relatively low cost — allowing SMB owners to focus on the day to day operations of their business and not alleviating the burden of becoming PCI compliant.

Whether you choose to meet PCI compliancy in house, or outsource that duty to a specialist company, it is a critical to meet compliance and remain compliant to PCI DSS regulations.

About the Author:
Art Gib writes for Brain Tree Payment Solutions (http://www.braintreepaymentsolutions.com/pci-compliance.php), a PCI compliance company that focuses on helping businesses attain and maintain PCI compliance.