Have you heard the news? American Express, Discover, Visa, and Mastercard have joined together to create a new security standard that your company must comply with if you want to continue taking credit cards as a form of payment! The new standard, known as PCI DSS (Payment Card Industry Data Security Standard), went into effect July 1, 2010 and is changing the way you take credit card payments. In most cases, your bank has probably taken much of the burden from you by ensuring its own systems are compliant, but the ultimate responsibility for compliance still falls to you.
Electronic bank theft has become much easier and safer than using a gun and a mask! Theft of customer credit and credit card information is rampant, and until all the players in the system (banks, merchants, and cardholders) recognize that they have a responsibility to secure credit card data, this will continue to be a serious issue. The PCI DSS standard will force merchants to participate in closing the holes in the system.
The bad news is that failure to comply will result in your losing the ability to accept charges. The “badder” news is that the new regulations shift some of the costs associated with credit card theft to the merchants (that’s you, again). In other words, you could be fined up to $500,000 for the initial investigation, plus a fee per record that is compromised.
There are 12 requirements that fall into six categories:
The credit card companies will require you to demonstrate that your company is in compliance. The number of credit card transactions you process in a year (and certain other criteria) will determine exactly what you have to do to demonstrate your compliance. At the very least, you will have to complete an annual compliance questionnaire and hire a company to perform a quarterly network vulnerability scan.
If you have an account set up with a merchant company that allows you to take a credit card for payment (even if you do it all on paper), you will be affected by this new regulation. I strongly urge you to review the additional resources provided below and call your merchant account provider in order to ensure your compliance.
Resources
What is PCI Compliance?