As an ecommerce merchant who accepts credit cards, you've probably
heard of PCI or PCI DSS. PCI DSS stands for Payment Card Industry
Data Security Standard, a recent regulatory change that significantly
affects the way credit card payments are processed. All merchants
that accept credit cards need to be PCI compliant, regardless of the
size of their business or the industry in which they operate.
How does PCI DSS affect your business?
- Costly Upgrades: The state of your current system will ultimately
determine how PCI DSS affects your business. If you meet the current
requirements, then you may not face any significant changes at all.
The most common situation involves payment solution and network
upgrades that could cost you a lot of money.
- Safe Harbor Status: One of the main benefits of becoming PCI DSS
compliant is safe harbor status. This designation protects you from
fines in the event of a security breach. In order to benefit from
safe harbor status, all security requirements must be in place.
- Fines: If your business is not PCI DSS compliant, it may be audited,
fined or sued. In the worst-case scenario, you may lose the right to
process credit cards entirely.
Ecommerce businesses can improve payment security by following the 12
requirements outlined by the PCI DSS. These requirements aim to
reduce the risk merchants face when handling sensitive credit card
account data. Many ecommerce businesses are unaware that during the
payment process, account information is being stored in their payment
system. By retaining this data, merchants immediately become liable
for any damages that may result in the event of a data breach. As a result, you need to be very careful in selecting an ecommerce merchant account.
The introduction of the PCI DSS in 2010 has forced businesses to
seriously evaluate the integrity of their payment systems. Along with
increasing their exposure to fraud costs, businesses that wait to
become PCI compliant risk losing their processing privileges entirely
in the event of a serious data breach.
How can ecommerce merchants become PCI compliant?
First, you may have to change your current systems in order to meet PCI DSS
standards. If you currently operate with an up-to-date solution, you
may only need a slight upgrade. If your system is old, it may be
worthwhile to switch to a new solution that offers a more secure
payment environment. We recommend contacting a merchant account
provider to help determine which option is best for your business.
Second, merchants must document their security compliance. Depending on the
number of transactions a business processes, it may need a more
thorough documentation process.
- Lower level merchants have up to six million transactions per year. These
businesses should complete a self-assessment questionnaire and
quarterly security scanning to ensure PCI DSS requirements are met.
- Level one merchants have more than six million transactions per year. In
addition to the lower level requirements, level one merchants must
facilitate an annual audit by a qualified security assessor.
The subject of PCI DSS compliance can be overwhelming. Make sure you
contact your merchant account provider for more information and help
getting set up with a secure payment solution.
PCI DSS Resources
- VersaPay
- Canadian merchant accounts
- PCI Security Standards Council