PCI Compliance: How to Protect Your Business


Failing to meet PCI DSS requirements can lead to hefty fines for you and your business. Here is what you need to know to protect yourself.

When you run a growing business, the safety and security of your own and your customers’ sensitive data is likely top of mind, especially when it comes to payments. We have all seen the news stories and heard the horror stories about breaches involving credit card information. A breach of this kind can destroy your reputation and your business.

New advances in commerce and payments technology are usually accompanied by new rules and regulations intended to protect both businesses and consumers. That is why we have the Payment Card Industry Data Security Standard (PCI DSS), a standard maintained by the PCI Security Standards Council, which was founded by the five major card brands (American Express, Discover, JCB, Mastercard, and Visa) to reduce costly breaches of cardholder data.

Understanding PCI DSS compliance can be overwhelming for business owners. In this guide, we break down the need-to-knows of PCI DSS compliance and walk you through the steps you need to safeguard your business and customers.

What does PCI DSS compliance mean?

PCI DSS stands for Payment Card Industry Data Security Standard. It sets the requirements that organizations and sellers must meet to safely and securely accept, store, process, and transmit cardholder data during credit card transactions, in order to prevent fraud and data breaches.

Who needs PCI DSS compliance certification?

Although there is technically no such thing as “PCI certification” (compliance is validated, not certified), sellers of all sizes, service providers, banks, and any other organization that stores, processes, or transmits cardholder data must validate that they are PCI compliant.

What are the PCI DSS compliance levels?

There are four levels of PCI compliance, and each level has its own requirements for how a business must validate its compliance. The level your business falls under is determined by your annual card transaction volume, with the thresholds set by each card brand.

What does it cost to be PCI DSS compliant?

The cost to become PCI compliant, and to maintain that standing each year, can range from roughly $1,000 to more than $50,000 annually, depending on the size and complexity of your business (for example, whether a Self-Assessment Questionnaire is sufficient or an on-site assessment by a Qualified Security Assessor is required).

Am I responsible for a PCI DSS Compliance Self-Assessment Questionnaire (SAQ)?

The PCI DSS Self-Assessment Questionnaire is a checklist created and distributed by the PCI Security Standards Council that sellers use to self-validate their PCI DSS compliance. There are several SAQ types, and the one that applies to you depends on how you accept card payments (for instance, whether cardholder data ever touches your own systems). We can assist you in determining whether you need to complete an SAQ and which one applies.

Are there PCI noncompliance penalties?

Yes. The card brands can levy fines on your acquiring bank for noncompliance, and the bank typically passes those fines on to you. Beyond fines, a business that does not comply with PCI DSS is exposed to data breaches, card replacement costs, costly forensic audits and investigations, reputational damage, and more.

What are the 12 PCI DSS requirements?

PCI DSS is organized into 12 high-level requirements. In summary, your business must:

  1. Install and maintain a firewall configuration to protect cardholder data.

  2. Not use vendor-supplied defaults for system passwords and other security parameters.

  3. Protect stored cardholder data: render the primary account number (PAN) unreadable wherever it is stored, and never store sensitive authentication data (full magnetic stripe, CVV2, or PIN) after authorization.

  4. Encrypt cardholder data when it is transmitted across open, public networks.

  5. Protect all systems against malware, and keep anti-virus software installed and actively updated.

  6. Develop and maintain secure systems and applications.

  7. Restrict access to cardholder data by business need-to-know.

  8. Assign a unique ID to every person with computer access, and authenticate all access to system components.

  9. Restrict physical access to cardholder data.

  10. Track and monitor all access to network resources and cardholder data.

  11. Regularly test security systems and processes.

  12. Maintain a policy that addresses information security for all personnel.
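Requirement 3 is the one most often got wrong in application code, so here is an added example (written for this page, not taken from the PCI Security Standards Council or any vendor) of what “protect stored cardholder data” looks like in practice: validate the PAN, strip sensitive authentication data before anything is persisted, keep only a masked PAN for display, and replace the full PAN with a keyed hash for lookups. The key, the field names, and the sample record are all assumptions constructed for the example; the card number is a well-known test PAN, not a real card.

```python
import hashlib
import hmac
import re

# Hypothetical key for the keyed PAN hash. In a real cardholder data environment
# this would come from an HSM or key-management service, never from source code.
LOOKUP_KEY = b"example-only-key-replace-via-key-management"

# Sensitive authentication data that PCI DSS forbids storing after authorization.
SAD_FIELDS = {"cvv", "cvv2", "cvc2", "cid", "pin", "pin_block", "track1", "track2"}


def luhn_valid(pan: str) -> bool:
    """Luhn checksum: catches mistyped or malformed PANs before they are processed."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Display form: at most the first six and last four digits are shown."""
    if not 13 <= len(pan) <= 19:
        raise ValueError("PAN length out of range")
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def pan_token(pan: str) -> str:
    """Keyed hash (HMAC-SHA-256) of the full PAN, usable for lookups and de-duplication.
    An unkeyed hash would be brute-forceable from the masked value alone."""
    return hmac.new(LOOKUP_KEY, pan.encode("ascii"), hashlib.sha256).hexdigest()


def prepare_for_storage(record: dict) -> dict:
    """Return a copy of the record that is safe to persist: no sensitive
    authentication data, no full PAN, only the masked PAN and its keyed hash."""
    pan = re.sub(r"[\s-]", "", str(record["pan"]))
    if not pan.isdigit() or not luhn_valid(pan):
        raise ValueError("PAN failed format or Luhn check")
    stored = {k: v for k, v in record.items()
              if k.lower() not in SAD_FIELDS and k != "pan"}
    stored["pan_masked"] = mask_pan(pan)
    stored["pan_token"] = pan_token(pan)
    return stored


# Constructed sample input: a widely used test PAN, not a real card.
SAMPLE_RECORD = {
    "pan": "4111 1111 1111 1111",
    "expiry": "12/29",
    "cardholder": "J. Doe",
    "cvv2": "123",
}

if __name__ == "__main__":
    print(prepare_for_storage(SAMPLE_RECORD))
```

The masked value alone leaves only six unknown digits, so pairing it with a plain SHA-256 of the PAN would let anyone who obtained both recover the full number in about a million guesses; that is why the lookup value is a keyed hash whose key is managed outside the application. Truncation plus a keyed hash is one acceptable approach under Requirement 3; strong encryption with proper key management, or tokenization through your payment provider, are the alternatives. Expiry date and cardholder name may be stored, which is why the example keeps them.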

For more information on everything your business needs to be PCI compliant, contact us today.