
PCI Compliance Made Simple

Do It or Risk Financial Catastrophe

Posted Nov 28, 2017

PCI Compliance. You’ve heard of it. You know you need it. But you may not be quite sure what it’s all about. You might even be intimidated by it. So, in keeping with our mantra to make your work life simpler, we’re breaking down PCI Compliance in language that makes sense.

What is PCI Compliance?

The Payment Card Industry Data Security Standard (PCI-DSS) is a set of requirements that, put simply, says that if your company processes, stores or transmits credit card information, you have to do so securely. The standard also dictates the steps you need to take in order to be secure. It’s administered and managed by the PCI SSC, an independent body created by some of the major payment card brands.

Do I need it to run my business?

If you have a Merchant ID (MID), yes. If customers are paying you by debit card, credit card or prepaid card, yes. It doesn’t matter whether you accept credit cards in store, run an online boutique that takes cards through a third-party system like 3DCart, or take credit cards over the phone: this means you. Whether you’re a small business or a large one, and whether you process three cards a day or three cards a month, you still need to be PCI compliant.

If I’m PCI compliant, does this mean I won’t get breached?

Sorry, but no, it’s not a guarantee you will not be hacked. But by following PCI guidelines, you do decrease your likelihood of being breached. Plus, you increase your likelihood of catching a breach earlier rather than later, which can minimize your financial exposure.

What happens if I don’t do it?

If you get hacked, you’re in big trouble. Do you want to explain to your customers that their private information is floating around in the hands of hackers? Read about these recent major data breaches from some BIG name companies. And that’s before we talk about the financial consequences.

Even though PCI compliance is not technically a federal law in the United States, state laws differ. Payment brands, at their discretion, can fine an acquiring bank anywhere from $5,000 to $100,000 per MONTH for PCI compliance violations. And the bank will pass these penalties on to you, the merchant!

How do I get started?

Start right here if you are required to fill out the self-assessment questionnaire, OR use a Qualified Security Assessor if you’d rather work with an expert. And, of course, if you’re a Simpay client, we can help you become PCI compliant. Just contact us.

How do I know what ‘level’ merchant I am?

There are four levels, and which one you are depends on your Visa transaction volume over 12 months. Level 1 is over 6M transactions a year, Level 2 is 1M-6M transactions a year, Level 3 is 20,000-1M transactions a year and Level 4 is under 20,000 transactions a year.

We’ve only touched the tip of the iceberg. Here is a fantastic blog with many more FAQs on PCI Compliance for you to check out.

Here at Simpay, all our clients’ customer financial data used for processing card payments is protected by PCI-DSS protocols and multi-layered MagneSafe™ security. If you are looking for advice on becoming PCI compliant yourself, and protecting yourself from financial disaster, contact us. We’d be glad to guide you through the process.