PCI Free Blog

PCI Compliance – A New Fact of Life for Merchants

PCI compliance, PCI compliance, why is everyone talking about this and what’s so important about it?  If you have a business that accepts credit cards, regardless of how infrequently you accept them or how low your volume may be, you are required to become PCI compliant and to maintain your PCI compliance from year to year.  PCI stands for Payment Card Industry, and becoming PCI compliant means you follow the guidelines set forth in the PCI DSS, where DSS stands for Data Security Standard.  Any merchant in any type of business must demonstrate PCI compliance by completing one of 4 different SAQs, or self-assessment questionnaires.

The appropriate SAQ to complete and register with the card associations (usually done through your processing service provider) can generally be determined by the method you use to process credit card charges.  If you do all of your authorization and settlement using a touch-tone phone and make receipts manually using an imprinter, complete SAQ type A.  If you use a stand-alone terminal that dials out through a regular phone line but is not connected to any other systems in your office, complete SAQ type B.  If you use a stand-alone terminal or computer software that communicates over an internet connection or any other open public network, complete SAQ type C.  If your customers make purchases online from your e-commerce website, complete SAQ type D.

PCI compliance is not a one-off requirement that you can forget about once it’s done.  You must maintain your compliance by renewing the appropriate SAQ annually.  Since sensitive data and computer networks are under constant attack by hackers who continue to develop ever newer and more ingenious ways to penetrate defenses, the PCI DSS is a dynamic document.  It is designed to evolve and adapt to an ever-changing information security landscape.

Keep in mind that regardless of your feelings about having to keep your business PCI compliant, it is mandatory, with penalties for non-compliance.  If your processor is charging you a fee for providing the tools and support necessary to obtain your PCI compliance, they are using the industry requirement as an excuse to collect an additional arbitrary amount on a monthly or annual basis.  See our home page to find out how to get PCI compliant for free, which is how it should be anyway.

This entry was posted in PCI Compliance, Point-Of-Sale Equipment, Sensitive Data Storage, Wireless Technology Security.