
An overview of PCI compliance for businesses

Known in full as the Payment Card Industry Security Standard, PCI compliance refers to the set of regulations that require merchants to process, store and transmit credit card data in a secure manner.

The standard was launched in September 2006 in a bid to increase the security of credit card transactions, and any business possessing a Merchant ID falls under its rules. It is managed by the PCI Security Standards Council, and businesses that wish to remain on the right side of far-reaching privacy regulations turn to PCI compliance to achieve this objective.

WHAT DOES PCI COMPLIANCE REQUIRE MY BUSINESS TO DO?

For companies attempting to set their operations on the straight and narrow - and protect themselves from data leaks and phishing attacks - a few critical measures are mandated. 

These include:

  • Protecting cardholder data
  • Establishing robust access control measures
  • Maintaining a secure network
  • Scheduling regular network checks and actively monitoring it
  • Establishing an information security policy
  • Laying down a vulnerability management programme

HOW DO I DETERMINE WHICH PCI LEVELS AND REQUIREMENTS ARE RELEVANT TO MY BUSINESS?

The first thing to remember is that if you accept debit and credit cards as a form of payment, PCI compliance is going to determine how you run your operations. This is the case regardless of how small your company is.

If your business operates in multiple locations with separate tax ID numbers, you will need to ensure that PCI regulations are actively followed in each location. If all stores are managed under a single tax ID, on the other hand, you need to validate PCI compliance once a year for all locations.

You may even need to pass network scans for each location on a quarterly basis.

To understand which level of PCI compliance applies to you, you need to look at the number of card transactions you handle each year.

Level 1 merchants: Businesses that process over 6 million Visa transactions every year

Level 2 merchants: Businesses that process between 1 and 6 million Visa transactions per year

Level 3 merchants: Businesses that process between 20,000 and 1 million Visa transactions per year

Level 4 merchants: Businesses that process 20,000 or fewer Visa e-commerce transactions per year

In other words, a business falls into Level 4 if it processes fewer than 20,000 e-commerce transactions annually, or up to 1 million transactions annually through a storefront.

If you fall into this category, you need to complete a self-assessment questionnaire and an Attestation of Compliance form annually, as well as undergo a quarterly network scan by an Approved Scanning Vendor, if applicable.

GENERAL PCI COMPLIANCE TIPS

In addition to everything we’ve shared, there are a few other tips you can follow to ensure your business is on the right track.

For instance, make sure that your credit card terminals and PIN pads are up to date and compliant with PCI regulations. It's equally crucial that you take measures not to store any cardholder data in any form whatsoever, whether that means keeping it in an Excel sheet or writing it down.

You must also take steps to ensure that you use strong passwords and that passwords are updated in a regular and systematic manner. Employees play a crucial role in this process and so it’s imperative that you train them on PCI regulations and adherence. 

Take steps to ensure that your Electronic Point of Sale or Point of Sale payment gateway software is also in line with PCI regulations, and that your router uses encryption and is password-protected.

Another tip: check your PIN pads and other PIN devices to make sure that skimmers haven't been installed. These devices are used to maliciously capture credit card information whenever cards are swiped or inserted.

It's also recommended that you install firewalls on your computers and on your internal network, in addition to the firewall already included in your computer's security software.

SECURE YOUR BUSINESS’ TRANSACTIONS WITH PCI COMPLIANCE!

If you’re worried about the possibility of data hacks or privacy violations, especially in terms of customer credit card information, PCI compliance is your best course of action.

By taking rigorous preventative measures, you can sleep easy knowing that you’ve done the best for your business. For comprehensive PCI support and guidance, consult our experts at Triskele Labs today!