Why PCI Compliance Exists

PCI Compliance

You may have been assessed a $30 monthly penalty for failing to maintain a PCI Compliance Certificate with your credit card processor. That $30 does not go to your processor but rather to the acquiring banks who access the fine to your processor, such as Chosen Payments who then pass it on to the merchant.

In 2006, an independent body was created by Amex, Visa, MasterCard, Discover and JCB effectively try and reduce credit card fraud caused by the poor handling of credit card information by merchants. On a grand scale, think of Target and its data breach of nearly 40 million credit card numbers from their internal servers. This should paint a pretty big picture of why the need for PCI Compliance exists.

In the majority of fraud cases, merchants were largely responsible for the leaks of credit card data. Merchants are provided card numbers, expiration dates and the magic three or four digit codes. If written down, they become a license to steal by anyone who happens upon them. This is what makes compliance so important.

In its proper acronym, it’s called PCI DSS. That’s Payment Card Industry Data Security Standards. A simple Self-Assessment Questionnaire (SAQ) is completed and submitted yo your processor to insure that not only are you handling credit card numbers with sensitivity but also making sure your computers cannot be hacked by an outside source if you store credit card information on your servers as Target did.

As a merchant, you are responsible for safeguarding your client’s credit card information. PCI Compliance certificates help you to prove that you accept credit cards with proper concern for security. Credit card fraud affects nearly thirty two million people each year.

Related Posts