PCI Compliance: The Who, What and Why
Security is of the utmost importance when taking card payments at a business. There are several techniques that fraudsters utilize to steal sensitive payment card information, yet some businesses do not know where to start to protect their customers. In this article, we will go into detail on how businesses can take action to create a secure environment for their card payments.

What is PCI compliance?

The Payment Card Industry Data Security Standard (PCI DSS, commonly shortened to PCI) is mandated by the card brands (Visa, Mastercard, etc.) and refers to the technical and operational standards that merchants are required to follow to protect their customers' sensitive card data. These standards range from something as simple as employees shredding or burning any written-down full card numbers to something as complex as maintaining a secure network at their place of business. We like to explain PCI compliance as a merchant's way of proving that their operations are secure and that they are not being complacent with their customers' cardholder information. But how do merchants prove that they are protecting their customers' data? That is what the PCI questionnaire is for.

Self-assessment questionnaire

A PCI Self-Assessment Questionnaire (PCI SAQ) is required to validate that a merchant is taking the proper security measures to keep their customers' sensitive card data secure at their place of business. The PCI SAQ is composed of questions like "Do you store sensitive card information electronically?" and "Are all systems and networks updated on a regular basis?" Each questionnaire differs in length, determined primarily by how the merchant accepts card payments (in person, on a website, etc.), ranging from as few as 22 questions to as many as 329 questions. This seems daunting, but with PolyPay, completing the PCI SAQ usually takes about 10-15 minutes over the phone with a dedicated member of the PCI Support Team.

Network scans

Furthermore, if a merchant accepts card payments over an internet connection, a PCI Network Scan must be completed against the merchant's public IP address. The Network Scan identifies vulnerabilities in the merchant's internet-facing network and provides remediation steps to resolve those issues and become PCI compliant. Most findings are quick fixes for any networking or IT specialist. To avoid Network Scans altogether, PolyPay offers our merchants point-to-point encrypted (P2PE) card terminals, which add an extra layer of security to every payment by encrypting the sensitive card data at the terminal, so that fraudsters cannot make use of any data they intercept.

Non-compliance fees

If becoming PCI compliant is so easy, why do so many merchants find themselves paying PCI non-compliance fees ranging from $25 to $200 or more per month? The answer is disappointing, but common. Many processing companies profit from monthly PCI non-compliance fees and would lose that easy revenue if merchants were made aware of how simple compliance is. Fifteen minutes of a merchant's time could save them $300 to $2,000 a year. PolyPay is successful when our merchants are successful; we are not looking to pad our pockets with unnecessary fees at the merchant's expense.

Here at PolyPay, we send monthly reminders to any merchants who are falling out of compliance and ask them to schedule a quick call with our dedicated PCI Support Team to remain compliant. Doing so helps protect customers' sensitive card information and avoids non-compliance fees at the same time. Connect with us today and let us partner with you to ensure you are PCI compliant now and in the years to come.