What Is This New PCI Compliance Fee My Credit Card Processor Is Charging Me?
If your business accepts credit cards, you have almost certainly been advised recently that you will be charged a new annual fee to cover the cost of keeping your business compliant with the latest credit card security requirements handed down by Visa, MasterCard, Discover and American Express. This post will explain what compliance is all about.
First of all, let's get a few terms explained.
PCI stands for Payment Card Industry. DSS stands for Data Security Standard. The credit card issuers have suffered large losses due to credit card fraud and have decided to take new measures to prevent as much of it as possible. These measures include coordinating with merchants to establish and enforce new methods of protecting credit card numbers, such as better encryption of card numbers when they are transmitted during a sales authorization by a merchant, and of any customer card data the merchant stores afterward.
There are essentially two ways to get a sale authorized: either using a credit card terminal next to your cash register (or integrated into your POS) or through the Internet. Some merchants use a dial-up terminal and others use a high-speed Internet connection. Either way, the card issuers are concerned that transaction data be transmitted securely. There have been many headlines about breaches in which hundreds of thousands, even millions, of credit card numbers were stolen. Hackers tap into telephone lines and Internet connections every day.
So here we are. Every bank and other credit card processing company will be passing on the cost of these improved security requirements to their merchants. So please do not go cancelling your merchant account or trying to switch to another processor that does not or will not charge you this compliance fee, because you are going to have this fee from now on regardless of which processor you are with.
Now, let's talk about what you, as a merchant, will have to do to become and stay compliant with PCI DSS.
Your cooperation starts with a Self-Assessment Questionnaire (SAQ). You can complete this questionnaire online, and you will receive a link to do so in your merchant account statement this month or very soon. The questionnaire tells the security departments how you process credit cards, and based on your answers you will receive guidelines as to any additional measures you need to take, if any.
One determination that will be made is which merchant level you fall under, and this is simply a matter of how many transactions you process annually. The levels run from 1 through 4, Level 1 being more than 6,000,000 transactions per year and Level 4 being fewer than 20,000 transactions annually.
If you only use a dial-up line for your terminal, that will be about all you need to do. If you process transactions online or otherwise use an Internet connection to transmit data, a security scan will need to be performed to check for vulnerabilities anywhere along your Internet connection.
In either case, after you complete the SAQ you will be advised of the next step to take, if any. Once you are deemed compliant, your credit card processor will be notified and you are done. There is even a logo you can display on your website to let shoppers know you are compliant, which will boost customer confidence in your business.
If you are not being asked to become PCI DSS-compliant by your credit card processor, be concerned. One large processor that did not bother with this new requirement suffered a data security breach and now faces fines in excess of half a billion dollars. And you, as a merchant, are liable for up to $500,000 in fines for breaches that occur.
The annual compliance fee is not that much and is a small price to pay, as a cost of doing business, to safeguard your customers' data.