Chances are that if you’ve used payment processing services for at least a year, the term PCI Compliance has come up.
Whether you received an email notification from your processor or noticed unfamiliar fees on your credit card statement, you’ve heard about it. PCI compliance is a confusing topic for merchants because they aren’t sure what they need to do to be compliant. Most probably think they are keeping their customers’ payment information safe, but in the eyes of the processor they probably aren’t.
Which raises the question: how do you properly prevent your business from incurring Non-Compliance fees?
Most merchants search online for answers on how to be PCI compliant, only to find a pile of jargon about the penalties instead of the actions to take.
However, there’s a pretty simple methodology to follow when trying to become PCI compliant. Here are three quick steps to take when evaluating your business.
The best place to start is to look at your basic procedures. How do you take credit or debit card payments? Do you take payments over the phone? Do you store customer card numbers in an Excel spreadsheet for recurring payments?
All of these create vulnerabilities in how you handle customers’ sensitive card information. The best way to catch all of these potential risks is to inventory your IT assets and review your company procedures for handling sensitive information.
Once you recognize your weak areas, take steps to fix the existing vulnerabilities. One of the best things you can do is to not store customer personal data at all.
If you’re a brick-and-mortar store, it’s not necessary for you to keep sensitive data. But if you run a business that processes card-not-present transactions, you have to ensure that data is properly handled and stored.
You may need to reconsider how you process payments and look for a more secure method of handling payments.
Once you’ve finished the first two steps, submit your report to your processor. This is the only way to show processors that your business is PCI compliant. If you had non-compliance fees on your statement and you are now evaluated as PCI compliant, those monthly fees should disappear.
Contact us to learn more about whether your business is practicing PCI Compliance.