What, exactly, does it mean to be PCI compliant?
With an increased number of security breaches, the Payment Card Industry (PCI) has made it mandatory for all merchants accepting cards issued by Visa, MasterCard, American Express, Discover, and JCB to make their systems PCI compliant.
PCI compliance involves implementing a set of 12 specific security requirements that protect credit card data and secure payment applications and PIN devices.
Regardless of your size or your number of monthly transactions, you must comply with these new PCI requirements or risk fines and removal from the credit card system.
Compliance focuses on securing networks, network monitoring, use of proper and up-to-date applications, as well as PIN transaction devices. It also requires annual validation via paperwork and Network Security Scans conducted by approved vendors.
Besides the fact that you must be PCI compliant in order to continue accepting credit and debit cards, doing so is also valuable from a legal perspective.
The fact that most companies suffering security breaches and subsequent lawsuits are large conglomerates doesn't mean that hackers won't go after small businesses, causing you a great deal of legal pain.
Though implementing security measures won't give you 100% protection, it will significantly reduce the odds of being hacked. Additionally, it is a very powerful tool should you be hacked and face a lawsuit.
You will be able to point to your PCI compliance to demonstrate that you were not negligent in the handling of customer financial data, and that you were in accordance with industry standards.
So if you're not yet PCI compliant, hurry up and do it now. It's for your own good.
- PayPal Handles PCI Compliance for SMB Ecommerce Merchants (ECommerce Guide)
- Cyberattacks Now Targeting Small Business (FindLaw's Free Enterprise)
- PCI DSS Compliance: Accepting Credit Cards and Avoiding Data Breach Liability (FindLaw's Free Enterprise)