The Importance of PCI Compliance
The chances are that as a small business you have the ability to take credit card payment from customers. Despite the growth in third party payment services such as PayPal many merchants still prefer to be in charge of their own card payments rather than rely on a third party who, of course, will take a charge against the transaction.
In an effort to combat credit card fraud, especially card holder not present fraud, merchant rules and regulations have been tightened up. This tightening up also applies to the storage of credit card numbers on computers, and if you store such numbers electronically then you are now subject to the Payment Card Industry Data Security Standards, often referred to as PCI-DSS or simply PCI.
The payment card issuers have taken PCI and encompassed it in their own rules that merchants are subject to, for example Visa have the Cardholder Information Security Program (CISP) and MasterCard the Site Data Protection program (SDP). Different levels of compliance apply to different volumes of trades carried out by an individual merchant.
The good news is that if you have been following the IT security recommendations in the Business IT Guide then your systems should be very close to the compliance requirements of your card issuer. If your IT systems are not compliant then expect a possible visit from your service provider, fine and/or termination of your card processing contract.
Card fraud is a problem for us all and we all have a responsibility to reduce it, so act now before it is too late.
These BITG guides may help you further;
Creating IT Security Policies
Protecting Important Data
Securing Computer Data
These external sites may also be useful;
PCI Compliance
PCI Standards
Visa
MasterCard
Streamline
By Mr BITG Virtual Director, Business IT Guide
