What is PCI Compliance?

06/01/2011 by Vanick Digital

PCI stands for Payment Card Industry, and PCI Compliance refers to a set of requirements defined by the credit card companies that their service providers and merchants must adhere to in order to accept credit cards.

All businesses that accept credit cards must be PCI compliant.

If a company is not PCI compliant, it faces fines and eventually blacklisting by the credit card companies, meaning that it will no longer be able to accept credit cards as payment. All companies will eventually have to become PCI compliant, but the larger the company (i.e. the more credit card transactions it processes), the more likely it is to face PCI scrutiny.

As with brick-and-mortar businesses, web applications that accept credit cards as a form of payment are also required to be PCI compliant. This means that every aspect of your application that relates to the acceptance of credit cards (developers, servers, customer service, etc.) will need to be PCI compliant. However, if you host the card-handling portion of your application through a third-party vendor that is PCI compliant, you will save your organization the time, money and headache required to become PCI compliant yourself. Vanick Group is in the process of becoming Level 1 PCI compliant. Level 1 is the highest and most complex certification offered by the PCI Council.

Here are some tips for becoming PCI compliant:

  1. Go to PCI SecurityStandards.org to learn the ins and outs of PCI Compliance.
  2. Find a QSA (Qualified Security Assessor, the auditor) to help you with the process. The QSA will learn your business processes and make suggestions on how to become a good candidate for PCI compliance. As with any vendor, it is important to select a QSA you are comfortable with. The more time your QSA has to spend with you and learn your business, the better.
  3. Be Adaptable – Even when hosting part of your application on PCI compliant servers through a third party, the PCI standards may call for extensive changes to internal policies or procedures. The QSA will audit your business processes and make recommendations on how to meet the standards. It is up to the organization to implement these changes.

Vanick Group has learned valuable lessons on becoming PCI compliant. If you would like to learn more or set up a consultation, please contact us.