PCI compliance refers to the set of requirements under the Payment Card Industry Data Security Standard (PCI DSS), which mandates that all companies that process, store, or transmit credit card information adhere to these guidelines to maintain a secure payment environment. PCI DSS was constructed by the Payment Card Industry Security Standards Council, an independent group created by the major payment card brands (Visa, MasterCard, American Express, Discover, and JCB).
PCI DSS governs all businesses and organizations that accept, transmit, or store payment cardholder data, regardless of company size or number of transactions. Furthermore, organizations that use third-party payment card processors still have to meet the PCI compliance guidelines, even though third-party processors may cut down on risk exposure and reduce the effort to validate compliance.
Small to medium sized business must satisfy a number of requirements in order to be PCI compliant. While meeting these constraints may seem tedious and difficult, the consequences of failing to be PCI compliant are severe, and not adhering to PCI guidelines involves taking a major risk.
Penalties for noncompliance can include fines ranging from $5,000 to $100,000 per month. Additionally, banks may terminate business relationships with non-PCI compliant merchants or significantly raise transaction fees. These consequences can be devastating, especially for small businesses.
The bottom line: small businesses in particular should carefully examine the PCI DSS guidelines and make sure their businesses practices are PCI compliant. The time saved is not worth the risk of fines, destroyed business relationships, and a potentially tarnished reputation. Businesses using Magento will find PCI compliance even easier with Magento’s secure payment application, Magento Secure Payment Bridge. Furthermore, Magento helps users establish PCI compliance by describing the requirements on its website, breaking down the guidelines as follows: build and maintain a secure network, protect cardholder data, maintain a vulnerability management program, implement strong access control measures, regularly monitor and test networks, and maintain an information security policy.
This is a post written by our marketing intern Charlotte Dretler