Information You Need to Know About PCI Compliance Regulations

  
  
  
If you accept credit cards, PCI compliance regulations apply to you.

Regardless of size or industry, all companies that accept credit cards must adhere to the safeguards mandated by the Payment Card Industry Data Security Standard, referred to as the PCI DSS. While most companies are aware of PCI, many are unsure of how to become PCI compliant, or what it means for their businesses. Companies that use a third party for clearing and remittance also often incorrectly assume that PCI compliance regulations do not apply to them. PCI compliance rules apply to all companies that take credit cards, whether through your software, the internet or a phone line.

 

PCI Compliance Regulation Requirements

  • Testing

All companies are required to pass PCI Compliance testing annually. Depending on how you process credit card transactions, you will need to take one of four tests. This year, as a new part of the testing process, any questionnaire forms not completed in their entirety by 12/31/11 will be lost, forcing you to start over with the new test. If you have begun this process, please be sure to complete it before December 31st.

  • Documentation

In addition to the testing process, each company must have certain documentation in place. Trustwave provides these documents to MAS Software Solutions and we can forward them to you upon request. Once you have them, you can use the ‘find and replace’ option in Microsoft Word to make the document reflect your company details.

  • Videos

Both business owners and employees are required to view videos less than one hour in length regarding PCI compliance regulations.

  • Physical Scan

Companies seeking PCI Compliance will need to have a physical scan of the IP address where credit card processing is done to check for firewall settings. Your IT department may be required to make adjustments in order for the scan to pass. This scan will then be performed every 3 months by Trustwave (or whichever company you are using) on an ongoing basis to ensure continued compliance.

Once you pass the testing process and IP scan you can expect to receive lower credit card company fees.

 

The Risks of Noncompliance

Beyond exposing your customers to fraud or identity theft, your business can be held responsible for the credit card company’s losses. In the event of a security breach or lack of PCI compliance, credit card institutions can assess your company higher credit card processing fees and levy fines of up to $500,000—or even bar your company from processing any credit card transactions at all. Keep in mind that PCI compliance regulations apply to all companies that accept payment by plastic—even if they don’t store any related data, or if they only process a small amount of credit transactions.

 

MAS Software Solutions Can Help

PCI compliance became effective July 1, 2010.  If you are not sure how to become PCI compliant, or have questions regarding the testing process, MAS Software Solutions is available to assist you - even if you are not using the Sage Software credit card module or Sage Software Credit Card Processing. Please contact us at 913-312-8999 ext. 9 and let us help you ensure that you are appropriately following the PCI compliance rules.

 
