By Rob Gagnon
The world's five major card brands (Visa, American Express, Discover, JCB and MasterCard) came together in late 2006 to create a single organization to oversee security in the processing of payment card transactions. That body, the PCI Security Standards Council (PCI SSC), maintains a set of rules and requirements called the PCI Data Security Standard (PCI DSS), which each card brand requires its acquiring banks to impose on their merchant account holders, the individuals and companies that accept consumer credit, debit and gift card payments. When people talk about "PCI compliance", it is the PCI DSS that merchant account holders actually have to comply with.
Every step in the card transaction process carries DSS requirements, and they apply to every firm or individual that stores, processes or transmits cardholder data. The card brands take pains to make sure the whole compliance program is fully and properly explained to the acquiring banks and other providers, who in turn are responsible for explaining the DSS requirements to individual merchants.
We constantly hear about identity theft on the Internet and other scams being perpetrated, but there is precious little publicity for the large amounts of money and time invested in keeping consumers informed, protected and safe from predation. Although the DSS applies to payment card transactions of all kinds, it is clear that problems in e-commerce were a major motivator in developing the standard. On the Web (and everywhere else) the requirements are meant to ensure that customer card data is handled with current security controls and kept under close monitoring, all to prevent fraud and theft. None of this is optional: merchants are bound by contract to follow the PCI requirements when receiving and processing every type of payment card transaction.
By reducing fraud and tightening security in payment processing, the payment card industry and participating merchants keep the trust of consumers. It would have a profoundly negative effect on the economy if consumers lost faith in the accuracy and security of payment processing in the digital age. Most people have no idea how much PCI compliance underpins everyday commerce; the requirements, and the safety they produce, are a large part of the confidence consumers place in our payment systems. Any reversal of this trend (and payments have been getting safer and more efficient every year) would be devastating.
The cost of non-compliance
The Security Standards Council writes and maintains the standard but does not enforce it; enforcement belongs to the card brands, which can levy fines (the article's own figure is up to half a million dollars) on a merchant's acquiring bank, which passes them on to the merchant, and which can take other actions including revoking the merchant's card processing privileges. PCI compliance is not a matter of getting a passing grade on an audit, or an A- with a 95% score. Compliance means that a merchant is completely, 100% in accord with every DSS requirement at the time its environment is assessed, whether by an on-site assessment from a Qualified Security Assessor (QSA) for the largest merchants or by a Self-Assessment Questionnaire (SAQ) for smaller ones. Merchants that can show that level of compliance at assessment time are considered in good standing. Validation is not a one-off event, though: merchants must re-validate annually and, where the standard requires it, have quarterly external vulnerability scans performed by an Approved Scanning Vendor (ASV).
It is neither easy nor free for a merchant to become (or remain) PCI compliant. Just putting the right controls in place means a serious investment of both money and effort; some large international merchants have spent up to three-quarters of a million dollars to implement compliant procedures and install appropriate systems. Not every merchant needs to spend that much, of course: the cost depends on the size of the business, the extent of its operations, the kind of systems it runs and the expertise it has in-house (as opposed to hiring specialized consultants).
Every modern merchant account contract requires the merchant to maintain full, transparent, auditable PCI compliance. Attempts to avoid compliance are not looked upon kindly and can result in a merchant losing its card processing privileges entirely. The investment in time and effort to stay compliant is worth it, since not doing so amounts to risking the business itself. The fact of the matter is that you cannot do business today without accepting payment cards, and the alternatives to a merchant account (such as PayPal) are more costly for both sellers and buyers. If you go to the trouble of getting a merchant account, do everything you can to comply with both the letter and the spirit of the PCI DSS. It is simply good for business.
Originally published by Rob Gagnon on UberArticles.com, 22 June 2010: http://uberarticles.com/business/ecommerce/what-is-pci-compliance/