What is PCI Compliance?

Payment Card Industry (PCI) compliance is a set of standards that governs credit card processing security for any institution, business, or other entity that runs transactions through branded credit or debit cards (Visa, MasterCard, Discover, and American Express). PCI compliance ensures that businesses are doing their due diligence to protect cardholder or customer data and reduce credit card fraud.

Though many states don’t have laws requiring PCI compliance, the credit card industry does have many regulations regarding cardholder security. As such, anyone who takes credit or debit card payments must follow the PCI rules. PCI compliance standards are implemented and monitored by the Payment Card Industry Security Council.

Becoming PCI compliant not only protects your business and customer data, but it can also help you avoid hefty fees from card brands if a data breach occurs.

PCI compliance doesn’t have to be scary

Gravity makes it easy for our clients to become PCI compliant. Working with our PCI partner, SecureTrust, we will walk you through the process of becoming and staying compliant and help you identify the particular needs and considerations for your business. Depending on your business model (e.g. card-present or card-not-present), you may need to answer a questionnaire and perform a scan of your environment. Our PCI portal, https://pci.securetrust.com/gravitypaymentsl will guide you through the questionnaire with simple steps and terms. If at any time you have questions or run into a problem, you can email us at [email protected] or call us at 866-701-4700 x1 for help.

In addition to working with Gravity, there are a few things you can do right now to improve security.

  • Use strong passwords and change default ones. Strong passwords combine upper- and lower-case letters, numbers, and symbols, and avoid words that are easy to guess or recognize.
  • If you need to store complete card numbers or other sensitive customer information outside of your POS, store it in a secure place like a safe. Only essential personnel should have access to it.
  • For terminals or PIN pads, give each user a unique ID for access.
  • Inspect your payment terminals or PIN pads for tampering. Does the device look damaged? Is it difficult to insert a chip card? These are some signs of tampering.
  • Use trusted business partners and know how to contact them if a problem occurs. Maintain a list of partner/vendor names and numbers, and if someone claims to be from a business you work with, don’t hesitate to call that business to verify the identity of the person getting in touch with you.
  • Install updates and security patches from your vendors, such as your credit card processor.
  • Make your business Wi-Fi private. If you offer public Wi-Fi, separate it from your business internet or Wi-Fi and set up a separate password.
  • Use anti-virus software, like McAfee or Norton.

More Resources on PCI Compliance and Security

  • Payment Cards
    • There are four major card brands used in the United States: Mastercard, Visa, American Express, and Discover. Each card brand supports a variety of unique card features across its various card types.
  • P2P Encryption
    • While there are many ways to protect customer data, point-to-point encryption (which encrypts sensitive data, like the card number, as it moves through the transaction process) is among the most highly regarded methods. This can help reduce fraud and intrusion from malicious events such as hacking.
  • Tokenization
    • Tokenization is the process of replacing sensitive cardholder data with a non-sensitive equivalent called a token. The token has no value or meaning outside of the secured tokenization system, rendering it useless to bad actors.
  • Hosted Payment Page
    • Any business with a merchant services account through Gravity Payments can take advantage of our customized payment webpages. This is an especially great solution for a non-profit organization, property-management company, or any business that uses recurring billing.
  • Fraud Management Tools
    • Gravity Payments employs many fraud management tools to assist business owners in protecting their information from data thieves, from customizable protections for business owners using payment gateways or virtual terminals to point-to-point encryption and tokenization. We’re here to help you decide the best way to protect your business.
  • Video Series on General Business Security
    • Here’s a seven-part series on what actions business owners and individuals can take to make their information more secure.

If you have any questions about PCI compliance or want to sign up for our compliance program, email or call us and we’ll walk you through the process.