You’ve done your due diligence, educated yourself about and accepted the gravity of PCI compliance for your business. You’ve upgraded your network and credit card processing equipment as necessary to ensure your environment is as safe as can be. Your customers’ information is safe and protected. You periodically review your procedures and upgrade your internet protection software, implementing new anti-virus tools as they become available to perpetually ensure your business is PCI compliant. Congratulations, give yourself a pat on the back.
Now ask yourself, “Are all of the vendors I work with and share sensitive information with PCI compliant as well?” PCI DSS requirement 12 stipulates that it is the merchant’s responsibility to contact all businesses it has a business relationship with and verify that they are also PCI compliant. This includes the vendors or suppliers, credit card processors, and banks that you use in the daily course of business.
Take it one step further and ask yourself if your favorite restaurants know about PCI compliance and take it seriously. Consider your favorite resorts and hotels, your travel agent, the stores you shop in frequently, and your physician’s office: really, any place where you spend your money using a credit card.
The integrity of the entire payment system depends on all merchants, processors and consumers being vigilant and thoughtful. If the businesses you frequent aren’t PCI compliant yet, be sure to make them aware of the importance of the PCI DSS. You can even do them a favor by sending them to the PCI Free website where they can educate themselves and attain PCI compliance at no cost, but with priceless benefit.