Having a business requires a great deal of responsibility. You need to run an honest company, attract customers, follow the business laws, and keep your employees happy.
While most business owners can handle the obvious facets that come with running a business, it's the not-so-obvious facets that are harder to implement and regulate. One item that every business needs to adhere to is becoming PCI compliant.
PCI compliance means adhering to the Payment Card Industry Data Security Standard (PCI DSS), a set of guidelines that protect your customers and clients from having their financial information breached at your location. (Think the Target security breach of 2013.)
If you accept credit and debit card transactions at your company, it's important that you become PCI compliant. This will make customers feel safer when making a purchase or providing you with private information.
What does PCI compliance entail?
In order to become PCI compliant, your business will need to meet certain standards. These standards include maintaining a secure network, developing an information security policy, protecting your clients' and customers' data, testing your networks on a regular basis, and ensuring you have strong access control measures in place.
Does my business have to become PCI compliant?
Yes. If your company processes any type of card transaction, you will need to become PCI compliant. It doesn't matter how big or small your company may be, how much revenue you generate, or even how many transactions you run in a day. Even if you process only one credit or debit card transaction in a given year, you will be required to be PCI compliant. You may think it's a nuisance, but it will help protect your customers and clients, and that's what's most important.
Are there different types of PCI compliance?
There are different levels of PCI compliance, and the level you fall into depends on the number of transactions you process on an annual basis. Level 1 consists of companies that process more than six million transactions per year; Level 2 consists of companies that process one to six million transactions per year; Level 3 consists of companies that process 20,000 to one million transactions per year; and Level 4 consists of companies that process fewer than 20,000 transactions per year. There is a PCI Compliance Guide that you can use to determine which level you fall into as well as what standards you need to meet.
What happens if I don't become PCI compliant?
Don't think that you can just ignore PCI without any consequences. PCI compliance is serious, and if you don't become PCI compliant, you can find yourself in serious trouble. In most instances, if you are found not to be PCI compliant, you can expect to be hit with a very hefty fine, anywhere from $5,000 to $100,000. And that's not a one-time fine either: you will be hit with this fine for every month that you remain non-compliant. So you're better off just doing it.
That's not all. Aside from the fine, you also risk having your credit card transaction fees increased significantly, which results in less money in your pocket. And if you remain non-compliant for a long period of time, the financial institutions may terminate your relationship altogether, leaving you unable to accept credit and debit card payments. In a world where plastic is king, you don't want to run this risk.