Consumers today not only appreciate convenience, but they also expect it. That’s why the amount of credit card and debit card transactions has been growing steadily over the last several years. Consumers like being able to simply swipe their card and complete their transactions without the hassle of having enough cash or carrying change. However, that convenience for the consumers comes at a cost for the merchant, who is responsible for maintaining a protected infrastructure to process those card transactions. When a customer hands a merchant his or her credit card, there’s an unspoken expectation of security. Without a secure infrastructure to protect their sensitive information, customers risk having their financial information and even their identities stolen by opportunistic cybercriminals.
In order to protect the faith consumers have in merchants when it comes to secure card transactions, the Payment Card Industry Security Standards Council has created a set of data security standards. Any and all businesses that receive card payments must also follow these PCI standards, or else risk severe consequences for themselves and their customers. Not only does failing to obey with the PCI standards put customers at risk of having their financial or personal information stolen, but it also puts merchants at risk of being hit with fines that can exceed $100,000 per month. Businesses that fail to comply with PCI standards also may see their banks raise the fees they charge for processing transactions. This is a big part of the reason why the average cost of a data breach for businesses is approximately $4 million.
Given how important it is for businesses to be PCI compliant, it’s significant for businesses to understand the PCI standards and avoid the persistent myths that surround them. For example, many businesses believe that they do not have to comply with the standards because they only process a small number of card transactions in a year. Though, even businesses that process a handful of card transactions can be susceptible to cybercriminals, so these businesses must be PCI compliant. Businesses that use an outside vendor to process card transactions may believe that this exempts them from being PCI compliant, but they still are responsible for determining whether or not that vendor is being compliant.
This guide from BluePay features some of the most frequently asked questions regarding PCI compliance as well as some of most myths concerning it. If you’re worried about whether or not your business is PCI compliant, the answers may be found here.