
What is PCI Compliance?

Payment Card Industry (PCI) compliance is a set of standards that governs credit card processing security for any institution, business, or other entity that runs transactions through branded credit or debit cards (Visa, MasterCard, Discover, and American Express). PCI compliance ensures that businesses are doing their due diligence to protect cardholder or customer data and reduce credit card fraud.

Though many states don’t have laws requiring PCI compliance, the credit card industry does have many regulations regarding cardholder security. As such, anyone who takes credit or debit card payments must follow the PCI rules. PCI compliance standards are implemented and monitored by the Payment Card Industry Security Council.

Becoming PCI compliant not only protects your business and customer data, but it can also help you avoid hefty fees from card brands if a data breach occurs.

PCI compliance doesn’t have to be scary

Gravity makes it easy for our clients to become PCI compliant. Working with our PCI partner, SecureTrust, we will walk you through the process of becoming and staying compliant and help you identify particular needs and considerations for your business. Depending on your business model, you may need to answer a questionnaire and perform a scan of your environment (i.e. card present or card-not-present). Our PCI portal, https://pci.securetrust.com/gravitypaymentsl, will guide you through the questionnaire with simple steps and terms. If at any time you have questions or run into a problem, you can email us at [email protected] or call us at 866-701-4700 x1 for help.

In addition to working with Gravity, there are a few things you can do right now to improve security. 

  • Use strong passwords and change default ones. Strong passwords include a combination of upper and lower case letters, numbers, and symbols, and avoid words that are easy to guess or recognize.
  • If you need to store complete card numbers or other sensitive customer information outside of your POS, store it in a secure place like a safe. Only essential personnel should have access to it.
  • For terminals or pin pads, give each user a unique ID for access.
  • Inspect your payment terminals or pin pads for tampering. Does it look damaged? Is it difficult to insert a chip card? These are some signs of tampering. 
  • Use trusted business partners and know how to contact them if a problem occurs. Maintain a list of partner/vendor names and numbers, and if someone claims to be from a business you work with, don’t hesitate to call that business to verify the identity of the person getting in touch with you. 
  • Install updates and security patches from your vendors, such as your credit card processor. 
  • Make your business wifi private. If you offer public wifi, separate it from your business internet or wifi and set up a separate password.
  • Use anti-virus software, like McAfee or Norton.

More Resources on PCI Compliance and Security

  • Payment Cards
    • There are four major card brands used in the United States: Mastercard, Visa, American Express, and Discover. Each card brand supports a variety of unique card features among their various card types. For more information on these features, click the links below.
  • P2P Encryption
    • While there are many ways to protect customer data, point-to-point encryption (which effectively masks sensitive data, like the card number, as it moves through the transaction process) is among the most highly regarded methods. This can help reduce fraud and intrusion from malicious events such as hacking.
  • Tokenization
    • Tokenization is the process of replacing sensitive cardholder data with a non-sensitive equivalent called a token. The token has no value or meaning outside of the secured tokenization system, rendering it useless to bad actors.
  • Hosted Payment Page
    • Any business with a merchant services account through Gravity Payments can take advantage of our customized payment webpages. This is an especially great solution for a non-profit organization, property-management company, or any business that uses recurring billing.
  • Fraud Management Tools
    • Gravity Payments employs many fraud management tools to assist business owners in protecting their information from data thieves. From customizable protections for business owners using payment gateways or virtual terminals to point-to-point encryption and tokenization, we’re here to help you decide the best way to protect your business.
  • Video Series on General Business Security
    • Here’s a seven-part series on what actions business owners and individuals can take to make their information more secure.

If you have any questions about PCI compliance or want to sign up for our compliance program, email or call us and we’ll walk you through the process.
