PCI Compliance is an often misunderstood part of having a merchant account. You’re probably wondering what PCI Compliance means, who decides if your business is compliant, and why there’s a monthly fee involved if you’re not compliant.
A lot of payment processing companies are not good at explaining it. It is almost never mentioned in the sales process, and some processors mention it only once a year without giving the merchant the tools to complete their questionnaire and avoid the fee.
Well, have no fear, because today we are going to go over what PCI Compliance is, how you can achieve it, and why it is important.
What is PCI Compliance and why does it affect me?
PCI stands for Payment Card Industry, and the standard itself is the PCI Data Security Standard (PCI DSS), a set of rules published by the PCI Security Standards Council (PCI SSC) on behalf of the card brands. Being PCI Compliant means your business meets those rules and validates that fact to your payment processor.
The main goal of the standard is to ensure that every company that stores, processes, or transmits cardholder data is handling that data securely.
The security requirements of PCI DSS are the same for every business. What changes with the size of the business is how much work you must do to prove you meet them. Merchants are sorted into levels 1 through 4 based on annual transaction volume, with Level 1 (the highest volume) required to have an annual on-site assessment by a Qualified Security Assessor, and Levels 2 through 4 normally validating with a Self-Assessment Questionnaire (SAQ) instead.
Most small merchants fall under Level 4, which the card brands define by transaction count rather than dollar volume: fewer than 20,000 e-commerce transactions a year and fewer than 1 million total card transactions a year. This is the easiest level to validate, because a small business only needs to complete the questionnaire that matches how it takes payments and, for some questionnaire types, pass a quarterly external vulnerability scan by an Approved Scanning Vendor.
The questionnaire is not the same for every merchant. There are several SAQ types, and the one you fill out depends on how you accept cards: an e-commerce store answers a different set of questions than a face-to-face business like a restaurant or retail store.
For instance, if you accept payments online and all payment handling is outsourced to a PCI-compliant third party (for example, a hosted payment page), so that no cardholder data is ever stored, processed, or transmitted on your premises or internal network, you qualify for the shortest questionnaire, SAQ A. If your own website takes part in the payment flow, such as by loading the payment form or posting card data itself, you fall under the longer SAQ A-EP and a quarterly external scan is required.
Meanwhile, face-to-face merchants need to make sure they are not storing card numbers in file cabinets or on paper that is accessible to unauthorized employees, and that card terminals are kept physically secure.
What are the consequences of not being Compliant?
Your processor charges a monthly non-compliance fee to merchants who fail to meet the security standards or simply forget to complete their yearly questionnaire.
Your payment processor will send out your reminder email with instructions once a year for you to complete.
Sometimes this email gets caught in spam folders, so make sure you add your processing company as a contact and keep an eye out for an email every year on the anniversary you signed up with them for processing.
If you do not fill out the questionnaire, or your answers show that a requirement is not met, a monthly non-compliance fee will show up on your processing statement. It can range anywhere between $15 and $25, but the average is $20 a month.
If you missed the questionnaire, you can go back into your processor's compliance portal at any time and complete it. Once it is accepted you are validated for a full year, and the fee stops.
Ultimately the merchant, not the processor, is responsible for meeting these security standards. A processor that sends out multiple reminders and helps with the questions is going above and beyond what it is required to do.
PCI Compliance is a pain, and no matter what processor you work with you’ll always have to make sure you’re complying with the security standards. Working with a processor who can walk you through the questions can help relieve some of the stress, and help you remove the extra monthly cost.
Want to work with a processor who understands PCI Compliance? Contact us to receive a free rate analysis and see if you are overpaying.