
What is PCI Compliance and Why is it Important?

If you accept credit cards, you must understand and implement PCI compliance – it is required by all merchant services providers. The good news is that it’s not as hard as you think to comply, and there is plenty of support available to help you.

What is PCI Compliance?

Payment Card Industry (PCI) compliance is a set of regulations that ensure all businesses transmit, process, and store payment information in a way that is safe and secure for consumers. The regulations lower the risk of a data breach and identity theft, and ensure overall safety for both consumers and businesses.

There are 12 requirements in total that businesses must meet to be ‘compliant.’ Some pertain to the equipment you use – building a secure network and ensuring its ongoing safety – while others cover practices that determine who has access to the data and how.

PCI compliance also affects financial institutions and payment processors – everyone involved in processing a payment must be compliant to ensure the safety of the transactions.

Why is PCI Compliance Important?

First, PCI compliance isn’t optional – it’s the law. If you don’t follow it, you can’t accept credit cards. Businesses that aren’t compliant risk not only data breaches but a reputation for not being secure. Word gets around fast when there’s a data breach, and it takes a long time to rebuild that reputation and level of trust.

Today, it’s not only public opinion that gets involved; the government steps in too. The risk of terrorism is high, and the need to know what’s going on in all aspects of data transmission is a key factor.

How to Make Sure You’re PCI Compliant

You could handle PCI compliance yourself, but it’s time consuming, confusing, and stressful. Instead, it’s best to work with a payment processor who handles it for you. Rather than navigating uncharted waters on your own, you can get support and education to learn what’s involved and what steps you need to take, and have most of the heavy work done for you.

Part of the compliance burden does fall on your shoulders, though. You must make sure your staff is on board and understands the rules and regulations. You must also take control and know what risks you are exposing your company and your customers’ information to, because there is always a risk any time information is transmitted.

When you can promise your customers that you have PCI compliance under control, it not only builds up your reputation but helps increase sales too. Customers are loyal to businesses that do more than provide the goods or services they need. They are loyal to a business that they know will protect their information, watch out for their wellbeing, and provide all-around good customer service.

If you haven’t given PCI compliance a thought lately, it’s time to figure out how to put the proper steps in place. Your business and your customers are relying on you to do so.

PCI Guidelines for Mobile Apps

Today the Official Merchant Services Blog will examine the PCI Security Standards Council’s most recent guidelines, and their slow crawl towards comprehensive security requirements for mobile devices.

On Thursday, the PCI Security Standards Council released a set of best practices aimed at developers of payment software for mobile devices. These guidelines come four months after the Council released guidance on mobile payments for small businesses.

The PCI Council, based in Wakefield, Massachusetts, administers the Payment Card Industry data-security standard and the affiliated standards for secure payment software and PIN-based transaction devices. The guidelines were released during the Council’s annual North American meeting in Orlando, Florida on Thursday, after the Council hinted at a possible PCI clarification in early September. Present at the gathering were security assessors, merchants, processors and vendors, all preparing for the update of the main PCI standard next year.

The Council announced that it is starting to approve hardware for mobile payments, such as card readers that plug into smartphones or tablet computers. The Council has not yet delved into the approval of software for mobile payments, nor has it made clear when that will happen. It has, however, announced that more guidance for merchants will come next year, and that it will continue to take input from the payments industry on the serious task of protecting cardholder data when payments originate from mobile devices.

Correcting software vulnerabilities is the most important aim of the Council’s new guidelines, as app developers crank out new programs for processing payments on smartphones and tablets every day. The guidance covers the payment transaction itself, access protection, and remote disablement of a missing device.

The last point is arguably the most important aspect of a new mobile PCI security system. Because mobile payment devices are, true to their name, mobile, the chance of someone walking off with your credit card terminal is an increasingly real risk. The same applies to any tablets acting as POS systems in a store. An unlucky shopkeeper may open up in the morning only to find part of his or her POS system missing, and all cardholder data inside it compromised. This is what the PCI Security Standards Council seeks to avoid.