Let me guess: You want to learn more about the Payment Card Industry (PCI), don’t you? However, with all the things that you need to cover, you can’t help but feel overwhelmed. As a PCI DSS compliant call center, we’re here to help you with just that — learning about PCI compliance.
We’re going to walk you through some of the basics of the industry, hoping that we’ll be able to address the burning questions that you have about it.
Today, we’re going to do this by answering ten common queries that a lot of first-timers have on PCI compliance.
Without further ado, let’s hop right in.
1. What is the PCI DSS?
PCI DSS stands for the “Payment Card Industry Data Security Standard.” It is a set of security requirements and guidelines designed to make sure that every company that accepts, stores, processes, or transmits credit card information maintains a secure environment.
2. What is the PCI SSC?
PCI SSC stands for the “Payment Card Industry Security Standards Council.” The council was launched on September 7, 2006 to manage the growth and changing dynamics of security standards in the PCI.
The PCI SSC administers and maintains the PCI DSS and focuses on enhancing account security throughout the payment and transaction process. The council was founded by the leading payment card brands, namely MasterCard, Visa, Discover, American Express, and JCB.
3. Is the PCI SSC responsible for enforcing compliance?
No. The acquirers and payment brands are responsible for compliance enforcement, not the PCI council.
4. Does the PCI DSS apply to my business?
If your company transmits, stores, or accepts any cardholder data, then the PCI DSS applies to your organization regardless of its size or transaction volume.
5. What is a merchant?
A merchant is any entity that accepts any payment card that bears a logo of any of the PCI SSC members for payment of goods or services.
6. What is an acquirer?
An acquirer is an entity that processes payment card transactions on behalf of merchants. Acquirers are usually financial institutions and are explicitly designated as acquirers by a payment brand. Other names for an acquirer include “acquiring bank,” “merchant bank,” and “acquiring financial institution.”
7. What is a service provider?
A service provider is any entity
- That is not a payment card brand; and,
- That is directly involved in cardholder data storage, processing, or transmission.
8. Can a merchant also be a service provider?
Yes. If your company stores, processes, or transmits cardholder data on behalf of others, and your organization also accepts payment cards as payment for goods or services, then your business is both a merchant and a service provider.
9. Are there penalties for non-compliance?
Yes, there are. If non-compliance is detected, payment brands may fine a bank $5,000 to $100,000 each month for every violation. The bank usually passes the fine along until it eventually reaches the merchant.
Also, depending on the violation, banks may increase your transaction fees or terminate their relationship with you.
10. What happens if my business chooses not to cooperate?
PCI DSS is not a law; it is an industry standard. However, merchants who do not comply with PCI DSS may receive fines at the discretion of their service providers and acquirers if a violation is detected.
Also, if a breach occurs, those acquirers or service providers may charge your business for the resulting forensic audits and card replacement costs.
Have more questions about PCI compliance? Let us know in the comments below.
(Note: If you’re looking for a PCI DSS compliant call center to help handle your customers’ sensitive authentication data, contact us now.)