With the emphasis on security for all credit and debit card transactions, it’s important for every organization that accepts credit payments to understand the details of Payment Card Industry (PCI) data security standards.
That’s because PCI applies to anyone who handles card transactions - transmitting, accepting or storing card information. It doesn’t matter the size of the business or how many transactions they handle per month or year.
Here is how PCI works and how it can affect your business. It’s important to stay compliant, as fines can reach as much as $5,000 to $100,000 per month.
A Brief History
The PCI security standards launched in September 2006. The PCI Security Standards Council developed the standards and continues to manage and administrate them.
The independent council was created by all the major credit card brands - Visa, Mastercard, American Express, Discover and JCB. These brands are charged with enforcing the standards, not the PCI security council. All the current documents from the council are kept in an online library.
The idea is to make online transactions involving credit, debit and prepaid cards as safe and secure as possible.
The PCI Levels
The PCI security council established four different levels for card transaction security. They are based on the number of transactions an organization conducts over a one-year period. All merchants fall into one of the four categories.
The level is determined by the aggregate number of transactions from a merchant listed as “doing business as” (DBA). Those with more than one DBA will have transactions from all of them added together to determine the level.
Here are the levels. Keep in mind that this includes all card transactions - credit, debit and prepaid. Each of the transaction numbers is for a 12-month period.
Also, any merchant can be listed at Level 1 at the discretion of the credit card brands if they determine extra levels of security are needed. Also, any merchant who has had their system breached may get elevated to a higher level regardless of the number of transactions.
Compliance at Each Level
It’s easy enough to see what level applies to your business. But what standards must be met at each level to be compliant with PCI standards?
Level 1. Companies at this level must hire an outside, PCI security council-approved vendor to test their system and file an annual compliance report.
Level 2. Companies at this level can do a self-assessment of their system. However, some may be required to get evidence of passing a vulnerability scan with a PCI security council-approved scanning vendor.
Levels 3 and 4. At these levels, merchants are also allowed to do a self-assessment.
Other Issues
Some other issues that frequently come up with PCI compliance include the following, according to the PCI Compliance Guide.
PCI compliance is a key component to having a secure system for credit card payments. Moreover, it’s required by the major credit card companies. Every merchant that accepts cards for payment must work to ensure they meet the standards.