Whether you’re selling handmade art at the local farmer’s market or running a large organization generating thousands in sales daily, PCI compliance is something that comes up whenever payment is discussed.
That’s because any company dealing with the payment, storage, or transmission of credit card information must comply with a set of standards and practices aimed at protecting consumers and businesses.
Examples of those required to comply with PCI standards include:
- Brick-and-mortar retailers
- Financial institutions
- Online retailers
- Insurance companies
- Hospitals and other medical facilities
- Farmers’ market and flea market vendors
- Service providers
The Payment Card Industry Security Standards Council is responsible for creating and advising on safe and ethical card payment practices. This body is made up of the major credit card companies, who found it in their best interest to protect themselves and consumers.
There are 4 levels of PCI compliance for merchants and 3 levels for service providers. These levels are divided by the number of transactions completed, the number of e-commerce transactions, and the number of accounts handled. Most small businesses are classified as Level 4 merchants, since they typically handle between 20,000 and one million transactions a year.
PCI (Payment Card Industry) compliance was initially rolled out as a way to keep up with the changing relationship between merchant and consumer, more specifically the way products and services are paid for. Online shopping was a major factor behind these efforts: with easier payments came more areas of vulnerability for criminals and scammers to capitalize upon.
But it’s not only credit card transactions to which these standards apply.
Gift cards provided a new area of concern for businesses and credit card companies; gift card recipients were at risk of paying with empty cards, and online merchants could get scammed as well. With the growing use of gift cards issued by major credit card companies, the safety surrounding these transactions is taken even more seriously.
Failing to adhere to PCI standards is not illegal at the federal level, but it is in the best interest of merchants to follow them. Complying with PCI standards is not only ethical, but also necessary in order to avoid fines, lawsuits, and other security-related issues. Fines incurred through data breaches or fraud losses can take a toll on a business, possibly to the point of bankruptcy.
PCI compliance should be taken seriously by any business that wants to succeed. If this can’t be done in-house, the business should enlist the help of a company that assists in maintaining the standards. Free of fines and bad publicity, organizations can then do business knowing that both they and their customers are safe.