What is PCI compliance? PCI stands for the Payment Card Industry which relates to what most of us refer to as “credit cards”. All issuers of credit cards (e.g. MasterCard, Visa, etc. or the banks that issue them) require all businesses that handle credit card data to a set of PCI Data Security Standards. These PCI security standards help protect credit card information from being stolen.
Who must be PCI compliant? If your business accepts, processes, stores, or transmits any credit card information (such as the credit card number, account name, security code, and expiration date) then you must be PCI compliant even if you only process 1 credit card payment per year. Not being PCI compliant is grounds for the credit card issuer to fine your company a minimum of $5000 or even refuse allowing you to accept credit card transactions which can hurt your company sales.
How does your business become PCI compliant? All merchants are required to at least assess their environment according to an assessment questionnaire published by the PCI Security Standards Council. If your business processes over 20,000 credit card transactions in one year you will also need to officially report your compliance to the credit card issuers. All credit card issuers require merchants to be PCI compliant but may also have additional requirements that are credit card brand specific that your company also needs to compliant with. TNSC can assist you through the required annual self-assessment form for PCI compliance. TNSC can also help remediate any security issues found that prevent you from being PCI compliant.