As a merchant, you probably accept credit card payments from your customers. If this is the case, you may know a thing or two about PCI compliance requirements.
If you are new to the world of credit card payments, you may not know what PCI compliance means. You can check here for more background into this if required, as it can help you understand how this can be used.
In short, the Payment Card Industry Data Security Standard (PCI DSS) is the rules that ensure a secure environment for companies that transmit, pci scan, process or store credit card information. So, if you accept credit card payments, you need to be PCI compliant. If you’re wanting to test if your company complies, you could hire a company to carry out a PCI compliance scan.
The following includes 10 things you may not understand about PCI compliance.
1. The rules are not vague and there is little room for error. There are specific things you must to do to be PCI compliant and you have to do them if you want to continue to accept credit card payments.
2. Using a PA-DSS certified application does not automatically make you PCI compliant. There are other controls you must use to be compliant.
3. The PCI DSS is not an option or a recommendation, it is required.
4. Being PCI compliant involves more than simply passing an ASV scan. The scan is merely part of the overall process.
5. Even small businesses that process minimal amounts of credit card transactions must be PCI compliant.
6. Once you have a successful assessment, you must maintain that successful level of PCI compliance, in other words, it is an ongoing process, not a one-time ordeal.
7. Even if you do not store credit card information, you must still be PCI compliant.
8. Ecommerce is not the only area where businesses must be PCI compliant. Any company that stores, transmits, or processes credit card transactions must be compliant, even brick-and-mortar businesses.
9. The use of PayPal or other payment service providers does not automatically relieve you of the burden of PCI compliance.
10. Just because you may not incur a fine for non-PCI compliance does not mean that you do not have to comply. You must comply with the rules‚ this way, in the event that something happens, you will not lose your ability to process credit card transactions.