Understanding the Basics of PCI Compliance


Upload: skynetinnovations

Post on 25-Sep-2015



There are several reasons why PCI compliance is an important issue for many businesses. Of those, the two that stand out the most are avoiding costly fines and ensuring that credit card acceptance isn't terminated for failing to comply.

Since there are many things about PCI compliance that can make this topic quite confusing, we want to help you understand more about it by providing an overview of the basics:

Knowing If You're Impacted by PCI

Does your business accept, transmit or store cardholder data? If you answered yes to any of those elements, then you are impacted by PCI. This is true even if you only accept credit cards over the phone.

A Common Myth about PCI Compliance

One of the most common myths about this type of compliance is that it can be taken care of by using a third-party company. While it's often advisable for an organization or merchant to use a reliable third-party company in order to reduce their overall risk, making this decision doesn't automatically cover all aspects of PCI compliance.

Determining Your Level

One of the reasons that PCI compliance seems so confusing is that different credit card brands have their own compliance programs. For businesses, this means that they may be defined as a different merchant level depending on the brand. So while Visa may define a business as a Level 4 merchant, American Express doesn't even have a Level 4, so what needs to be done for each can differ.

Even though it can be a pain, the good news is that the Internet has made it relatively straightforward for a business to determine its level with regard to Visa, MasterCard, Discover and American Express. Once you carve out time to sit down and get answers, it's simply a matter of going to each provider's merchant website and seeing where your business falls based on the criteria that's outlined.

Validating Compliance

Once you know where you fall on the compliance spectrum, you need to take a look at what steps should be taken in order to validate your compliance. As with the subject of merchant level, your business can fall into one of nine different categories for validation requirements. One of the main differences between the categories is that some require submitting to an Authorized Scanning Vendor (ASV), while other categories don't carry that requirement. If you have any questions about what your business requires for compliance validation, don't hesitate to contact an expert for professional guidance.

If you have any additional questions about PCI compliance or what you need to do in order to achieve it, don't hesitate to contact Skynet Innovations by phone or email.