What is PCI Compliance?
PCI (Payment Card Industry) compliance means following a set of standards that governs credit card processing security for any organization that runs transactions through branded credit or debit cards (Visa, MasterCard, Discover, and American Express). First and foremost, a myth must be dispelled. A merchant is NOT required by any law or regulation to be PCI compliant. This truth might be shocking for some merchants to hear, because credit card processors so often penalize business owners for being non-compliant while also charging them for staying in compliance.
PCI compliance standards are implemented and monitored by the Payment Card Industry Security Council. The goal of being PCI compliant is to ensure that businesses are doing their due diligence to protect cardholder or customer data and reduce credit card fraud across the board. There are a lot of questions surrounding PCI, what it means, and what types of security measures can be implemented to protect your small business.
PCI compliance is NOT a requirement
As stated above, a merchant is NOT required by any law or regulation to be PCI compliant. Often credit card processors use this as a scare tactic to penalize business owners for being non-compliant while also charging them for staying in compliance.
However, becoming PCI compliant is a good idea for small businesses because being non-compliant may result in heavy fees from card brands if a breach of security occurs. Gravity Payments keeps security at the forefront of our minds because we know how devastating it can be to have data compromised. We offer many options to be PCI compliant and will always assist business owners in staying compliant if they choose. We also believe in allowing business owners to run their businesses how they choose, so if you choose to not be compliant with PCI standards, again, you will not be penalized.
More Resources on PCI Compliance and Security
- Payment Cards
- There are four major card brands used in America – Visa, MasterCard, Discover, and American Express. In addition, each card brand supports a variety of unique card features among its various card types.
- P2P Encryption
- While there are many ways to protect customer data, point-to-point encryption is among the highly regarded methods. This can help reduce fraud and intrusion from malicious events such as hacking.
- Tokenization
- Tokenization removes the credit card data from a business’s internal network and replaces it with a unique, one-time string of code called a token. The system then sends that token around, gathering permissions to authorize the transaction.
- Hosted Payment Page
- Any business with a merchant services account through Gravity Payments can take advantage of our customized payment pages for its website. This is an especially great solution for a nonprofit organization, property management company, or any business that uses recurring billing.
- Fraud Management Tools
- Gravity Payments employs many fraud management tools to assist business owners in protecting their information from data thieves. From customizable protections for business owners using payment gateways or virtual terminals to point-to-point encryption and tokenization, your merchant services account is protected.
- Video Series on General Business Security
- Here’s a seven-part series from our Senior Security Engineer, Mick, on what actions business owners and individuals can take to make their information more secure.