PCI Basics: Your Essential Guide to Compliance

We’ve written several blogs about PCI compliance recently, and we’ve had some requests that we take it back to the basics. In particular, our customers want to know what the heck PCI compliance is, anyway? We’re glad they asked! PCI compliance is an important part of your business’s data security strategy, but it can get confusing. Let’s break it down.
 
 

What’s in a Name?

 
 
PCI is short for the Payment Card Industry Data Security Standard, usually written PCI DSS. It is a single standard, maintained by the PCI Security Standards Council that the major card brands (Visa, Mastercard, American Express, Discover and JCB) founded, and it spells out the controls a business must have in place to keep customer payment card data protected.
 
 

Why Should I Comply?

 
 
Complying with the PCI standard is required by your agreements with the card brands (which reach you through your acquiring bank or processor), but it also just makes good business sense. It ensures that cardholder data is handled properly and reduces the incidence of fraud. PCI compliance doesn’t guarantee that a breach won’t occur, but it provides an important layer of protection by making sure the basic security controls around payment data are actually in place and working.
 
 

How Do I Stay Compliant?

 
 
To become and stay PCI compliant, you’ll have to make sure that your credit card terminals, gateways, and shopping carts meet the standard’s minimum technical requirements for how they process transactions. Periodically (at least once a year) you’ll complete a Self-Assessment Questionnaire (SAQ) that asks how your business processes credit cards and stores customer information; which SAQ applies depends on how you accept cards, and the fewer places card data touches your own systems, the shorter it is. Don’t lie or stretch the truth on this questionnaire! If you experience a breach in the future and it’s discovered that you weren’t honest, you’re going to be in trouble. If any internet-facing system of yours is involved in card processing, you’ll also be required to have an Approved Scanning Vendor (ASV) run a quarterly external vulnerability scan against it, and to fix what the scan finds before it counts as a pass. (Scan failed? Here’s why that might have happened.) Finally, you’ll want to hold regular team trainings to make sure that employees understand how to process payments securely – no writing credit card numbers down on scrap paper!
 
 

What Areas of My System Should I Look At?

 
 
Full PCI compliance means taking a holistic approach to your business’s data security. Of course, you’ll want to be sure you’re protecting cardholder data whenever it’s in your possession, whether in-store or online. On the network side, that means changing every vendor-default password on terminals, routers and point-of-sale software, putting a firewall between the systems that handle card data and the rest of your network (and the internet), and only ever sending card data over encrypted connections. Keep any third-party systems and applications you use patched, so known vulnerabilities can’t be used to reach your payment data. All employees should be trained in proper security procedures and follow them on every transaction – no exceptions. Two areas that are easy to overlook are physical security and individual accounts. Physically securing your office or store means strong locks on all doors and windows, plus security cameras or an alarm system, so nobody can walk off with a terminal or tamper with one. Separately, every employee who can access payment data needs their own login and password (no shared “register” accounts), so that every action can be traced to one person. If an employee is terminated, or their job role changes so they no longer explicitly require access to payment data, revoke their credentials immediately.
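
Here is what “separate logins” and “revoke immediately” look like when you actually check them, as an added example that is not part of the original post and is not 360 Payments’ code: a small Python script that compares a constructed HR roster with the user table of a hypothetical point-of-sale system and lists the logins to disable and the shared logins to split up. The role names, record fields and every sample record are assumptions made for the example.

```python
"""Hypothetical access review for logins that can reach payment data.

Added example, not code from the original post or from 360 Payments.
It reconciles a constructed HR roster against the accounts on a
point-of-sale system and reports the things the access-control part
of PCI DSS wants you to catch:

  leavers - an enabled login belonging to someone HR lists as terminated
  movers  - an enabled login belonging to someone whose current role no
            longer needs payment-data access
  shared  - one login used by more than one person, so nothing it does
            can be tied to an individual
  orphans - an enabled login with no owner HR knows about

Role names, field names and all sample records are assumptions.
"""
from dataclasses import dataclass


# Roles that legitimately need to touch cardholder data (assumption).
ROLES_NEEDING_CARD_ACCESS = {"cashier", "store_manager", "bookkeeper"}


@dataclass(frozen=True)
class Employee:
    employee_id: str
    name: str
    role: str
    status: str  # "active" or "terminated"


@dataclass(frozen=True)
class Account:
    login: str
    employee_id: str  # the person this login is assigned to
    enabled: bool


# Constructed HR export. Dee moved from the register to marketing;
# Cal was terminated last week.
HR_ROSTER = [
    Employee("E1", "Ana Ruiz", "cashier", "active"),
    Employee("E2", "Ben Ota", "store_manager", "active"),
    Employee("E3", "Cal Ng", "cashier", "terminated"),
    Employee("E4", "Dee Lam", "marketing", "active"),
    Employee("E5", "Eve Shah", "bookkeeper", "active"),
]

# Constructed dump of the point-of-sale user table. "register1" is a
# shared login that both Ana and Ben use; "oldtemp" belongs to an
# employee ID HR has no record of.
POS_ACCOUNTS = [
    Account("ana", "E1", True),
    Account("ben", "E2", True),
    Account("cal", "E3", True),
    Account("cal_old", "E3", False),  # already disabled: nothing to do
    Account("dee", "E4", True),
    Account("eve", "E5", True),
    Account("register1", "E1", True),
    Account("register1", "E2", True),
    Account("oldtemp", "E9", True),
]


def review_access(roster, accounts):
    """Return a dict of sorted login lists keyed by finding type."""
    people = {e.employee_id: e for e in roster}
    findings = {"leavers": set(), "movers": set(), "shared": set(), "orphans": set()}
    owners_by_login = {}

    for acct in accounts:
        if not acct.enabled:
            continue  # a disabled login cannot be used; skip it
        owners_by_login.setdefault(acct.login, set()).add(acct.employee_id)
        emp = people.get(acct.employee_id)
        if emp is None:
            findings["orphans"].add(acct.login)
        elif emp.status == "terminated":
            findings["leavers"].add(acct.login)
        elif emp.role not in ROLES_NEEDING_CARD_ACCESS:
            findings["movers"].add(acct.login)

    # A login with more than one owner cannot be tied to one person.
    for login, owners in owners_by_login.items():
        if len(owners) > 1:
            findings["shared"].add(login)

    return {kind: sorted(logins) for kind, logins in findings.items()}


def revocation_list(roster, accounts):
    """Logins to disable right now: leavers, movers and orphans.

    Shared logins are reported but not revoked here, because disabling
    one would lock out people who still need access; the fix for those
    is to replace them with individual accounts.
    """
    f = review_access(roster, accounts)
    return sorted(set(f["leavers"]) | set(f["movers"]) | set(f["orphans"]))


if __name__ == "__main__":
    for kind, logins in review_access(HR_ROSTER, POS_ACCOUNTS).items():
        print(f"{kind:8s} {', '.join(logins) or '-'}")
    print("revoke  ", ", ".join(revocation_list(HR_ROSTER, POS_ACCOUNTS)))
```

Run something like this against real exports on a schedule, and at least whenever HR processes a departure or a role change, and keep the output with your SAQ evidence; this kind of reconciliation is the periodic access review the standard expects, whatever tool you do it in.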
 
 

How Can I Learn More?

 
 
PCI compliance is one of those topics on which it never hurts to brush up. Luckily for you, we’ve got plenty more information on PCI compliance available in our blog. To begin, check out these five steps to PCI compliance, then read about these five myths to make sure you don’t have any misconceptions. If you still need more guidance, call us at 1-855-360-0360 or drop us a line on our website. We’d love to help you protect your business and your customers.
 
 
PS – Here are five more business security essentials you can’t afford to skip.
 
 
PPS – Don’t be fooled by forced transaction scams. Here’s how to fight back.
 
 

Published March 8th, 2018 (last updated 2018-05-31) | Credit Card Processing, Technology | 8 Comments

8 Comments

  1. […] PPS – Here’s what you need to know about PCI compliance. […]

  2. Joan April 19, 2018 at 6:16 pm - Reply

    I feel the rep of 360 Payments should visit us and show us the best and safest way to get PCI compliance.

    • Derek Distenfield April 20, 2018 at 3:12 pm - Reply

      Hi Joan! Thank you for your comment, and we’d be happy to have someone reach out to you. It looks like we tried to connect with you in the past about this but ended up playing phone tag. Someone will reach out to you soon!

    • Derek Distenfield April 23, 2018 at 4:45 pm - Reply

      Hi Joan, I wanted to follow up again and provide a little more information. We looked into the issue further and it appears that our PCI compliance partners are not providing you with the same level of service you have come to expect from 360 Payments. This is unacceptable, and we will be reaching out to our partners and reevaluating our relationships with them to serve you better. Thank you very much for letting us know that this is a problem. While we correct this issue, I wanted to give you some peace of mind. The vast majority of our customers do not need to worry about PCI fees for non-compliance, due to the fact that we do not house card data for your business. The blog we sent you was simply meant to highlight what Visa, Mastercard, and other card brands would like you to adopt as best practices. While following the steps in this blog will certainly help protect your business, 360 Payments has never had a customer experience a data breach, and only a very small subset of our customers need to be concerned with PCI compliance fines or other penalties. I apologize for any confusion this may have caused! If you have any additional questions, please give us a call at 408-295-8360.

  3. Lynn Sharp April 20, 2018 at 4:56 pm - Reply

    Derek,
    When I agreed to use your company you said I wouldn’t have to worry about PCI compliance. It was one of the main reasons I switched to your company. I feel the same as Joan and think you should send someone to the shop to show the guys who actually use the machine how to do it.

    • Derek Distenfield April 23, 2018 at 4:39 pm - Reply

      Hi Lynn, thank you so much for bringing this to our attention. PCI compliance puts us (and all credit card processors) in a tricky situation because your credit card processor can’t really declare that your business is PCI compliant – that would be a conflict of interest. PCI compliance is supposed to be handled by our third-party partners, and it seems they have been letting our customers down. This is unacceptable, and we will fix it. We will be reaching out to our PCI partners and reevaluating our relationships with them to ensure our customers are receiving the best support possible. In the meantime, please do not fret. The vast majority of our merchants do not pay fees for PCI non-compliance due to the fact that 360 Payments does not actually house card data. In short, we will be working to provide better education and support to our customers through our partners, but please don’t hesitate to call us at 408-295-8360 if there’s anything else we can answer for you.

  4. Brenda Kashuba July 6, 2018 at 2:36 pm - Reply

    I’ve been in business accepting credit cards for nearly 17 years and I’ve never even heard of PCI compliance until I switched to 360 Payments.

    • Derek Distenfield July 9, 2018 at 12:18 pm - Reply

      Hi Brenda, that’s great! PCI compliance can be a major pain, but fortunately with 360 Payments our customers don’t have to worry about it. We just like to keep our customers informed about issues in the credit card processing industry – and unfortunately PCI compliance is a big one with some of our competitors! But like I said, no worries – we handle the PCI compliance so you can focus on your business.
