For companies taking credit card payments, PCI Compliance is a must.
Sensitive identity details and payment information flow across the Internet in massive volumes every second. The PCI DSS standard is designed to protect this critically confidential data. Any company in today’s economy that accepts payments by credit card must be PCI compliant.
The consequences for not meeting the PCI compliance standard are dire. Companies found in violation risk facing steep fines, a negative reputation and customer loss. Any software or hosting provider being used by a company to process or host the processing of credit cards or storage of data must also be compliant.
What is PCI Compliance?
PCI DSS, written out in full, stands for Payment Card Industry Data Security Standard. It is the standard for protecting data that is submitted, transferred and processed during the credit card payment cycle.
Does my company need to be PCI Compliant?
Yes. These standards apply to companies of any size that accept credit card payments. Protecting digital cardholder data requires adherence to all of the PCI DSS data security standards. If your company intends to accept card payment, and store, process and transmit cardholder data, you need to host your data securely with a PCI compliant hosting provider.
PCI Compliant Providers
A compliant provider will undergo annual, independent auditing against all of the PCI DSS requirements for Level 1 compliance and maintain certification from a recognized independent PCI compliance auditor.
PCI Compliant Providers must stay up to date with patches and give options for encrypted offsite backup with true disaster recovery capabilities. Applications running in the cloud or on co-located servers should have the same protocols in place to adhere to the standards required for PCI Compliance.
A PCI Compliant hosting provider must make sure all appropriate safeguards are in place to protect digital payment information. Due diligence prevents loss of consumer confidence and proactively prevents penalties, fines, or worse.
How to find a PCI Compliant Provider
A PCI compliant provider should be able to produce a valid certificate of compliance from a certified independent PCI compliance auditor, and that certificate should be publicly available for review. For example, K9ERP is certified by SecureMetrics, and our certificate is available for confirmation.
Consequences of not being PCI Compliant
The financial consequences of not being PCI compliant can be steep. Fines are imposed by banks and credit card providers and can range from $5,000 to $500,000.
In some cases a company can be 100% PCI compliant and still suffer a data breach that exposes customer data to malicious actors. Fines and penalties can still be assessed if that happens. Examples include:
- Fines of $50-$90 per cardholder whose data has been compromised
- Suspension or loss of privileges from the credit card acceptance provider
- Credibility issues with customers, partners and vendors
- Potential civil litigation from customers affected by the breach
- Revenue loss from loss of future sales due to consumer mistrust
As a planning aid, FocusonPCI.com provides a calculator that companies can use to estimate the actual costs of a PCI compliance violation. The calculator gives “an estimate of penalties a company may assume if a breach of customer data were to happen. Inputs into this calculation include: discovery and notification, employee opportunity costs, customer opportunity costs, regulatory fines, civil restitutions, audit costs, and other liabilities.”
PCI Compliance IS Important
Considering that almost every business takes credit cards today, the need for PCI compliance is critical. If your financial software or financial software hosting provider is not compliant, the consequences for your company can be dire.
For more information on K9ERP’s PCI compliant services, please feel free to contact us at email@example.com or (954) 964-8444.