Regardless of your card payment solution, whether a simple countertop, stand alone terminal or a sophisticated POS system, you are required to comply with Payment Card Industry Data Security Standard (PCI DSS) requirements.
You may have thought that PCI DSS applies primarily to e-commerce merchants or card-not-present situations but the reality is that these requirements apply to everyone who handles credit card data. According to the PCI Council, each company processing, storing or transmitting payment card data must be PCI DSS compliant or risk losing its ability to process credit card payments.
A card data breach can impact your business financially through association fines and other legal costs. In addition there is a significant risk to your reputation if customer data is compromised. Many data breaches involve common business transactions where card data, written down or recorded, was stored too long or in an insecure manner, or was simply mishandled. The PCI DSS is a set of best practices that helps your business avoid common pitfalls that can lead to a data breach.
Steps To Achieve Compliance with PCI DSS?
- Educate yourself on the relevant compliance regulations (see the Additional Resources section on this page).
- Complete the Self-Assessment Questionnaire, (SAQ), appropriate for your type of business, annually.
- You may be required to complete and document a scan of your network, every quarter. If additional scans are required, you will be notified.
Through our Compliance Program, we are pleased to provide you with the information, tools and resources needed to verify if your business is PCI DSS compliant, and with a Reimbursement Program to assist you in the unlikely event of a cardholder data breach.
Failure to complete the SAQ and validate your business within 90 days from your approval date or on the anniversary date of your last SAQ will result in a monthly $19.95 non-compliance fee.