PCI Compliant with POS Plus

When we tell customers that we can assist with PCI compliance, many do not know what the standards require or how we can help. This has led to confusion over exactly what the Payment Card Industry Data Security Standard (PCI DSS) is and why it matters to you.

What is PCI, Who Does it Apply To?

In basic terms the answer is you!

The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment. Essentially, any merchant that has a Merchant ID (MID) must comply with PCI DSS. A merchant is any entity that accepts payment cards bearing the logo of any of the five members of the PCI SSC (American Express, Discover, JCB, MasterCard or Visa) as payment for goods and/or services. This includes debit cards, gift cards and any other form of payment that bears one of the above logos.


As a brief history, the Payment Card Industry Security Standards Council was launched on September 7, 2006 to manage the ongoing evolution of the PCI security standards, with a focus on improving payment account security throughout the transaction process. The PCI DSS is administered and managed by the PCI SSC, an independent body created by the major payment card brands (Visa, MasterCard, American Express, Discover and JCB).

PCI applies to ALL organizations and merchants, regardless of size or number of transactions, that accept, transmit or store any cardholder data. Said another way, if any customer of an organization ever pays that merchant directly using a credit card or debit card, then the PCI DSS requirements apply.

The Council has no legal authority. However, the standard has been adopted into law in Nevada, and reporting credit card security breaches is the law in 38 states. That does not mean the card brands lack authority to assess penalties for non-compliance. Each card company applies the Data Security Standard in its own way, but ultimately, if your business wishes to process credit card (or debit card) transactions, it will be required to adhere to the standard.


Penalties for Non-Compliance

The payment brands may, at their discretion, fine an acquiring bank $5,000 to $100,000 per month for PCI compliance violations. It is important to note that the bank will most likely pass this fine downstream until it eventually reaches the merchant. The bank will also most likely either terminate your relationship or increase your transaction fees. Penalties are not openly discussed or widely publicized, but they can be catastrophic to a small business.


Remember that best practice for PCI compliance depends on each merchant. We offer PCI compliant solutions, but ultimately implementation depends on you. POS Plus also cannot guarantee that your organization will never come under attack from cyber criminals; every day, attackers probe code and systems looking for a way in. Working together, we can help make you safer by installing compliant solutions and putting proper security measures in place.


Important Links

General Overview and Information - https://www.pcisecuritystandards.org/

What to do if you are compromised - http://usa.visa.com/download/merchants/cisp_what_to_do_if_compromised.pdf

PIN Entry Devices - pcisecuritystandards.org/security_standards/ped/index.shtml

Visa (Risk Management) - usa.visa.com/merchants/risk_management/cisp.html

MasterCard - mastercard.com/us/sdp/index.html

American Express (Merchants) - americanexpress.com/merchant