For any business that holds a merchant account for payment processing, one area that’s very important is known as PCI compliance. Short for Payment Card Industry Data Security, PCI compliance refers to operating in accordance with rules that ensure several things, but most notably that all areas of customer data are handled in a secure manner during all transactions.
At Merchant Card Advisors, we’re happy to explain all the basics of PCI compliance to you as part of our credit card processing services. Here’s a basic primer on why these guidelines are in place, what you have to do to follow them (it’s really quite simple), and the issues that come up if you are not PCI compliant.
Goals and Standards of PCI Compliance
As we noted, the goal of PCI compliance is to make sure all customer data is handled properly and securely during credit card transactions. These rules are set by the industry as a whole.
PCI compliance standards vary across all businesses, split up by a few important characteristics. The first of these is four general tiers that are set up – tier 1 has the most rules and regulations in place, while tier 4 has the fewest number of rules and regulations. In most cases, merchants fall under tier 4, which means they process $5,000 or less per year in these kinds of payments. These kinds of small businesses will generally have very few restrictions to follow to be compliant. As merchants process larger and larger transaction amounts, however, they may jump into higher tiers.
Different Businesses, Different Guidelines
In addition, the PCI questionnaire that all merchants have to fill out will vary even more distinctly between individual merchants. For instance, an e-commerce store will have very different guidelines than an in-person retail store, with other differences in areas like online processors. In-person merchants will necessarily have guidelines in place about storing credit card numbers on paper where unauthorized employees can access them.
Consequences of Non-Compliance
If you fail to meet basic PCI standards, or even if you forget to do your yearly questionnaire, you could face financial penalties. For this reason, be sure to track the typical timing on this email and ensure it doesn’t end up in your spam folder or anywhere else. If you do miss it, you are allowed to go back in at any time and complete it, leaving you set for the full year.
If you either miss the questionnaire or are not compliant, you could be charged a monthly fee that will show up on your processing statement. This fee averages about $20 per month, but can be lower or higher.
For more on what PCI compliance is or how to ensure you’re compliant, or to learn about any of our merchant payment processing services, speak to the staff at Merchant Card Advisors today.
