Payment card industry compliance (PCI compliance) involves more than just your website. If your business takes credit card numbers over the phone, has face-to-face transactions, or keeps paper records that contain credit card numbers, there are PCI requirements covering those aspects of your business that have nothing to do with your website. This article addresses the PCI requirements specifically related to ecommerce transactions.
Do I Need To Worry About PCI Compliance?
Anyone who runs a business that accepts credit card payments from customers needs to be proactive in becoming PCI compliant – even if you only receive one credit card payment per year. The volume of transactions does not make a difference. Even if your website uses a third-party service through a merchant services provider, you still need to be PCI compliant, because your business accepts credit cards.
What If I Am Not PCI Compliant?
If you do not meet the PCI standards for compliance and the security of your site is compromised, you will face penalties and fines ranging from $5,000 to $500,000.
The fines, however, are just the beginning of the overall damage caused by noncompliance. If your website or company is not PCI compliant, you run the risk of losing your merchant account, which means you won’t be able to accept credit card payments at all. You will also be placed in the Visa/MasterCard Terminated Merchant File (TMF), making you ineligible to obtain another merchant account, at least for several years. The TMF is essentially a blacklist from which it is almost impossible to be removed. Find out below how to obtain proper PCI compliance.
What Level Of PCI Compliance Do I Need?
Even if your website does not store credit card data, it still transmits credit card data, and you need to disclose that in order to be compliant. If your website has a form that collects credit card data, and the domain name shown in the web browser is your domain name, then your server needs to be PCI compliant.
What If I Use A System That Passes Credit Card Data Directly To My Payment Processor?
One way to obtain PCI compliance is to have cardholder data submitted directly to the payment gateway of a reliable merchant services provider, rather than to your own server. This helps your company achieve PCI compliance because the payment processor, not you, is responsible for writing the code that transmits the cardholder data.