Credit Card Processing and PCI Compliance Myths
One of the first rules of credit card processing is the importance of PCI compliance. Basically, it goes something like this: If your business accepts credit cards, debit cards, or EBTs (electronic benefits transfers), you must meet the Payment Card Industry Data Security Standard (PCI DSS) established by the major credit card networks. The corollary to this rule is: If you’re not in compliance with PCI DSS, you’re placing your entire operation at major risk of a data breach that could lead to credit card fraud and/or identity theft.
At Merchant Express®, we place a premium on educating our clients about all aspects of credit card processing, including PCI compliance. That means sometimes we have to deal with some of the myths surrounding compliance, including:
- PCI compliance is a one-time solution — once you achieve it, you’re done. While that would certainly make it easier, it’s just not the case. PCI compliance is an ongoing process of risk assessments and improvements. Fraudsters and identity thieves never rest, and neither should you when it comes to compliance.
- Outsourcing PCI compliance to someone else is the solution. Most merchants don’t tackle the ins and outs of PCI compliance on their own. Instead, they rely on their merchant services provider to handle it. But that does not relieve them of responsibility. Everyone involved in credit card processing — the merchant, merchant services provider, card issuers and banks — plays a role in PCI compliance and needs to make it a priority.
- Achieving compliance guarantees that data is safe. As in life, there are no guarantees when it comes to compliance. Staying one step ahead of hackers and thieves requires constant vigilance. Achieving compliance is the first of many steps to keep data secure.
- PCI compliance doesn’t apply to small businesses like mine. PCI compliance applies to all businesses that process credit card payments, regardless of size or sales volume. Small businesses are often a prime target of hackers, so they need to respond accordingly.
- Merchants must store credit card and cardholder data to be compliant. Absolutely not! PCI DSS prohibits the storage of credit card magnetic stripe data and discourages the storage of customer data. It also stipulates that all data, stored or not, must be encrypted to keep it secure.
- PCI compliance is practically impossible to achieve. In fact, PCI DSS protocols represent good security sense and best business practices that protect you and your customers. Just as you may use a security system to protect your retail location, PCI compliance protects your credit card processing system.
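The storage rule in the list above (no magnetic-stripe data kept, cardholder data minimized and protected) is the one point that can be shown in code. The following is an added example, not Merchant Express code and not a statement of what PCI DSS requires in full: it takes a constructed swipe-style payload, drops the sensitive authentication fields that must never be kept after authorization, stores the PAN only as a masked display form plus a keyed one-way hash (one of the accepted ways of rendering a PAN unreadable), and then scans the result for anything still shaped like a PAN or track data. The field names, the test PAN 4111111111111111 and the demo key are assumptions; real key management is out of scope.

```python
from __future__ import annotations

import hashlib
import hmac
import json
import re
from typing import Any

# Fields a swipe or PIN-pad payload may carry that PCI DSS classes as
# sensitive authentication data: never persisted after authorization.
SENSITIVE_AUTH_FIELDS = {"track1", "track2", "cvv", "cvv2", "pin", "pin_block"}

# Fields the sanitized record keeps from the raw payload. Everything else,
# including the full PAN, is dropped (assumed field names).
RETAINED_FIELDS = ("expiry", "amount")

# Heuristics for data that must not land in storage or logs:
# a 13-19 digit run (PAN-shaped) and track-1 / track-2 framing characters.
PAN_RUN = re.compile(r"(?<!\d)\d{13,19}(?!\d)")
TRACK_DATA = re.compile(r"%B\d{13,19}\^|;\d{13,19}=\d{4}")


def luhn_valid(pan: str) -> bool:
    """True if `pan` is 13-19 digits and passes the Luhn checksum."""
    if not pan.isdigit() or not 13 <= len(pan) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Display form: first six and last four digits visible, the rest masked."""
    if not luhn_valid(pan):
        raise ValueError("not a PAN")
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def pan_reference(pan: str, key: bytes) -> str:
    """Keyed one-way hash of the PAN: lets records be correlated without the
    PAN itself being stored. The key must live in a managed secret store."""
    return hmac.new(key, pan.encode("ascii"), hashlib.sha256).hexdigest()


def contains_cardholder_data(text: str) -> bool:
    """True if `text` holds track data or a Luhn-valid PAN-shaped digit run.
    Usable as a pre-write check on records and as a log-scrubbing test."""
    if TRACK_DATA.search(text):
        return True
    return any(luhn_valid(m.group()) for m in PAN_RUN.finditer(text))


def sanitize_for_storage(payload: dict[str, Any], key: bytes) -> dict[str, Any]:
    """Reduce a raw payment payload to the fields that may be persisted."""
    pan = payload["pan"]
    record: dict[str, Any] = {k: payload[k] for k in RETAINED_FIELDS if k in payload}
    record["masked_pan"] = mask_pan(pan)
    record["pan_ref"] = pan_reference(pan, key)
    # Self-check before anything is written: nothing PAN- or track-shaped may
    # remain. The hex hash is excluded because random hex can contain digit runs.
    scan = json.dumps({k: v for k, v in record.items() if k != "pan_ref"})
    if contains_cardholder_data(scan) or SENSITIVE_AUTH_FIELDS & record.keys():
        raise ValueError("sanitized record still contains cardholder data")
    return record


# Constructed sample payload; 4111111111111111 is a standard test PAN, and the
# track-2 value is made up in the usual ";PAN=YYMM..." layout.
SAMPLE_SWIPE = {
    "pan": "4111111111111111",
    "track2": ";4111111111111111=25121011000012345678?",
    "cvv": "123",
    "expiry": "2512",
    "cardholder_name": "TEST CARDHOLDER",
    "amount": "19.99",
}
DEMO_KEY = b"demo-only-key-replace-with-managed-secret"

if __name__ == "__main__":
    print(json.dumps(sanitize_for_storage(SAMPLE_SWIPE, DEMO_KEY), indent=2))
    print(contains_cardholder_data(SAMPLE_SWIPE["track2"]))
```

The same `contains_cardholder_data` check can be run over application log lines on a schedule; a hit there is a finding to act on, since logs are a common place for full PANs and track data to leak without anyone intending to store them.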
PCI compliance is not only mandatory, it’s smart for all businesses that accept credit cards. That’s why, as a reputable and experienced merchant services provider, Merchant Express helps all its clients achieve and maintain PCI compliance. We also provide a data breach security program that helps cover expenses that arise from a suspected or actual breach.
Still have questions regarding PCI compliance? Talk to a Merchant Express representative today to get answers.
