The Lowdown on PCI Compliance

Merchant Warehouse

December 7, 2010

In September of 2006, the five most popular credit card companies across the globe – MasterCard®, Visa®, American Express®, Discover Financial Services and JCB – came together and formed an alliance that would ultimately create and oversee the standards that each member of the Payment Card Industry (PCI) would have to require of merchant account holders.

The alliance was named the Security Standards Council, and its creation was the DSS (Data Security Standard). The DSS is a set of requirements that must be met by every entity at every step of a credit card transaction, meaning any firm that maintains, processes or stores credit card data. The credit card companies make every detail of the PCI compliance program understandable to providers, who pass the information along to individual merchants.

Safety First

The main function of PCI compliance is to provide security to customers in the e-commerce realm. It ensures that a merchant handling a customer’s information has up-to-date security monitoring and adequate facilities in place in order to prevent fraudulent activity. Following PCI methods is mandatory for merchants whenever they receive and process any type of credit card transaction.
The point of it all is to maintain customer trust by eliminating both fraud and inefficiencies in the processing chain. If consumers lose faith in the safety and accuracy of payment card processing, it could have a devastating effect on commerce and the economy. It is not an overstatement to say that PCI compliance is an important part of our modern, e-commerce-style life, and that it contributes a great deal to consumer confidence.

Non-Compliance Costs

When a merchant is not PCI compliant, the council is free to impose large fines that can range anywhere up to $500,000 and to take other actions, which can sometimes include the removal of credit card processing privileges. Being PCI compliant means that, at the time an authorized PCI auditor audits a merchant’s system, the merchant is 100% in line with the requirements. So long as merchants can provide proof of compliance at the time audits are conducted, they are considered in good standing. Ongoing monitoring and regular security checks are mandatory.

Becoming a PCI compliant merchant does not come free. Putting the proper programs in place involves an investment of both money and time. It’s estimated that the largest international merchants can spend as much as $700,000 to implement PCI compliance. Some merchants, however, would not need to spend as much, depending on the level at which they operate. Merchants must take into consideration that PCI compliance is required in every modern account provider agreement. Trying to avoid compliance can result in the revocation of credit card processing privileges. Don’t allow that to be the end of your business. Staying “in good standing” is always worth the investment.