We understand that the whole PCI Compliance issue can be confusing
Carrollton, TX (Vocus) July 21, 2010
In the past year, two studies—one in the US and another in the UK—have indicated that most businesses still don’t understand PCI Compliance. TransTech Merchant Group, a direct seller of specialized and personalized merchant services, is working with clients to help clear the confusion.
PCI Compliance is shorthand for compliance with the Payment Card Industry Data Security Standard (PCI DSS), a set of requirements to ensure that companies that process, store or transmit credit card information maintain a secure environment. The standards are set by the Payment Card Industry Security Standards Council, an independent body created by the major payment card brands (e.g., Visa, MasterCard, American Express).
“We understand that the whole PCI Compliance issue can be confusing,” says Tony Norrie, General Manager for TransTech Merchant Group. “At first glance, it looks daunting. But it’s designed to protect businesses and their customers, so it’s important. We want to help the business owners through this process.”
TransTech Merchant Group offers the following points to help simplify the complex questions surrounding PCI Compliance:
- The Purpose of Compliance: The primary reason for the guidelines is simple—security. Due to the increase in identity theft and fraud, the major credit card companies established the PCI DSS to protect cardholders’ data.
- The Basics of Compliance: There are 12 compliance requirements and all must be implemented for a merchant to be certified as compliant. The standards cover such crucial areas as proper computer firewalls, unique passwords for all users, encrypting cardholder data transmission, developing an in-house security policy and restricting access to your processing network. “Most of them are essentially best practices to protect cardholder data and may already be in place at your business,” Norrie explains. “Even if they weren’t required, these are the kind of guidelines you would want to adopt to ensure security.”
- The Scope of Compliance: The Standards were originally presented as recommendations, but are now mandatory and apply to every organization that accepts or processes credit or debit card information, including merchants and third-party service providers. In short, PCI standards are not optional; every merchant who processes credit or debit cards must comply.
- The Benefits of Compliance: These layered security measures provide extra protection against theft and fraud for both the merchant and their customers. Implementing the required processes will minimize the risk of fines that can be imposed for non-compliance.
- Consequences of Data Breaches: Businesses that experience a data breach can be subject to fines ranging from $10,000 to $500,000, not to mention the potential for costly lawsuits, extensive audits and lengthy investigations. There is also the possibility of loss of credit card acceptance privileges. “Any of these outcomes could critically damage the reputation of a business,” says Norrie. “For most, the expenses incurred by a non-compliance violation could cause the closure of the business.”
Businesses that sign with TransTech Merchant Group for their debit and credit card processing services are automatically enrolled in the PCI Smart program, which will identify a business’s compliance requirements, assist in selecting the correct self-assessment questionnaire and schedule any needed network scans. PCI Smart will also help business owners develop best practices and procedures for long-term data security, as well as provide ongoing tools, tutorials and education. Once the business has successfully completed the required processes, PCI Smart will provide the necessary validation documentation.
(Sources: Redshift Research, National Retail Federation, ControlScan, the Payment Card Industry Security Standards Council and the PCI Knowledge Base)
About TransTech Merchant Group
TransTech Merchant Group is one of the direct sales entities for Certified Payment Processing (CPP). TransTech is a full-service provider of electronic payment equipment for processing purchases made by debit and credit cards, as well as checks and online purchases, in addition to a range of other specialized merchant services. For nearly 20 years, CPP has helped businesses increase revenue while controlling costs.