PCI compliance is crucial for any business that handles credit card
numbers, including merchants, processors, financial institutions, and service
providers. PCI DSS (Payment Card Industry Data Security Standard) is a set of
requirements established to ensure that every company that processes, stores, or
transmits credit card transactions does so securely. Put simply, PCI compliance
is the set of measures taken to protect cardholder data and keep it out of the
wrong hands. You might recall that Target, the second largest US retailer, was
recently in the news for a substantial data breach involving the cardholder data
of 70 million people. Even though the breaches you hear about in the news usually
involve large companies, in reality 98% of data breaches occur within small
businesses. This is why it is important for everyone to understand PCI compliance
and what to do to stay compliant.
The primary purpose of PCI DSS is to protect account data. Account data is
broken into cardholder data and sensitive authentication data. Cardholder data
includes the credit card account number, cardholder name, expiration date, and
service code. Sensitive authentication data consists of the full track data
(magnetic-stripe data), the CVV2 number or equivalent, and any PINs. Generally,
cardholder data may be stored, but storing sensitive authentication data is never
permitted. It is important to keep this information out of the wrong hands: fines
levied by Visa and MasterCard range from a minimum of $10,000 up to $500,000. What
it all comes down to is that, whether you are a large business or a small one,
you run the risk of a data breach and should do your part to stay PCI compliant.
You can visit the PCI Security Standards Council's website at
https://www.pcisecuritystandards.org for full details on PCI compliance.
What steps should you take to become and stay PCI compliant? The first step is
to ensure your credit card receipts are truncated properly. They should display
only the last 4 digits of the card number, or no card number at all. With the
most recent update of the PCI DSS, an expiration date may no longer appear on the
receipt. These rules apply to both the customer and merchant copies of the
receipt. If your terminal is not printing receipts correctly, contact your
merchant services provider to have a download completed so that it is corrected.
Next, educate yourself on PCI DSS by visiting the PCI Security Council's site.
After you brush up on the rules and regulations, you need to complete a
Self-Assessment Questionnaire (SAQ) for your business type. The SAQ must be
completed annually. Some businesses may also be required to complete and
document a scan of their network quarterly; the SAQ will help you determine
whether this applies to your business.
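The receipt rule above (last 4 digits only, no expiration date) is easy to check mechanically. The following is an added example, not code from the original post or from the merchant services provider: it masks a card number to its last 4 digits and audits receipt text for an unmasked account number (any 13 to 19 digit run that passes the Luhn check) or a printed expiration date. The receipt strings and the 4111 1111 1111 1111 test number are constructed sample data; the function names and the regular expressions are this example's own assumptions about what a receipt looks like.

```python
import re

def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn check used for card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def mask_pan(pan: str) -> str:
    """Truncate a card number so only the last 4 digits remain visible."""
    digits = re.sub(r"\D", "", pan)
    if not 13 <= len(digits) <= 19 or not luhn_valid(digits):
        raise ValueError("not a valid card number")
    return "*" * (len(digits) - 4) + digits[-4:]

# Candidate card number: 13-19 digits, optionally separated by spaces or dashes.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# Expiration date printed in a common receipt style, e.g. "EXP 12/25".
EXPIRY_RE = re.compile(r"\b(?:EXP|EXPIRES?|EXPIRY)\b\s*:?\s*\d{2}\s*/\s*\d{2,4}",
                       re.IGNORECASE)

def audit_receipt(text: str) -> list[str]:
    """List the PCI receipt problems found in the receipt text (empty means clean)."""
    findings = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        # Only flag runs that look like real card numbers, not totals or dates.
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            findings.append(f"unmasked card number ending {digits[-4:]}")
    if EXPIRY_RE.search(text):
        findings.append("expiration date printed")
    return findings

# Constructed sample receipts (the 4111... number is a well-known test number).
GOOD_RECEIPT = "SAMPLE STORE\nVISA ************1111\nAMOUNT $42.00\n"
BAD_RECEIPT = "SAMPLE STORE\nVISA 4111 1111 1111 1111\nEXP 12/25\nAMOUNT $42.00\n"

if __name__ == "__main__":
    print(mask_pan("4111 1111 1111 1111"))   # ************1111
    print(audit_receipt(GOOD_RECEIPT))        # []
    print(audit_receipt(BAD_RECEIPT))
```

Run the audit over a batch of stored receipt copies from your terminal before an SAQ; any finding means the terminal needs the download from your merchant services provider described above.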
We offer our merchants the Compliance Facts website, which reviews and explains
the required documents and online tools you need to stay compliant. It also
covers IRS compliance. You can visit this site at www.compliancefacts.com.
If you find that your credit card terminal is out of PCI compliance and would
like to take advantage of our free terminal placement program, contact Chris
today at 800.51.TOTAL / 800.518.6825.
Helpful PCI Compliance Links: