PCI compliance: What is it and why does it matter?

What is PCI compliance?

The Payment Card Industry Data Security Standard (PCI DSS) was initiated by a group of large credit card companies in an effort to secure cardholder data. As credit card fraud rose sharply in the early 2000s, the founders (American Express, Discover, JCB International, MasterCard, and Visa Inc.) formed the governing entity, the PCI Security Standards Council, to set standards that protect both businesses and consumers.

But while the Council sets these standards, it’s up to each business to comply.

According to Braintree, PCI compliance applies to “any merchant or service provider that handles, processes, stores or transmits credit card data.”

Why is it important?

Square reports that 65 percent of small businesses miss the mark on minimum compliance requirements.

That’s not hard to believe, considering penalties aren’t typically publicized until a major retailer is hit with a data breach. (Target’s still paying the price for a breach from 2013 to the tune of $18.5 million. Ouch.) Many consumers have become so comfortable using their debit and credit cards for daily purchases that potential security risks are no longer at the front of their minds. And why should they be?

While being PCI compliant doesn’t guarantee against security breaches, it does reduce their likelihood and protects businesses and their consumers in the event a breach does occur.

Not following PCI standards can result in major hits to a small business, including loss of customer trust, fewer sales, legal fees and loss of the privilege to accept credit cards.

How does a small business become PCI compliant?

Don’t know how secure your payments are? Anyone can take a free self-assessment online from the PCI Security Standards Council. The Council also provides resources specific to small business owners and their security.

If you use a point of sale provider like Lightspeed or Square, your provider will handle PCI compliance on your behalf as part of their service. The Council vets POS systems to ensure that they’re compliant. Keep this in mind if you’re switching to a new system. Check out this guide from Fit Small Business if you don't yet use a PCI-compliant POS provider.

While the self-assessment does not earn a business owner a certification, it does help you know whether you are following all guidelines. For more in-depth training and assessments, you can check out the Council’s offerings.

Want to learn how to get more out of your POS system? Dor easily integrates with LightSpeed and Square to help you calculate and increase your conversion rate.