PCI compliance myths Part 1

There are many myths that surround PCI compliance. We would like to bust some of them.

As a merchant, your business is your life and livelihood. You would protect it just as you would your child, and in some cases maybe even more so. With all of the data breaches that have been in the news, protecting your business is becoming even more important. Nothing is unhackable, but the best way to lessen the chance of being hacked is to achieve and maintain PCI compliance. Some myths persist around PCI compliance that prevent some merchants from achieving it, and today we are here to bust some of them.

One major myth is that merchants who only process a small number of credit card transactions are exempt. That is not true. If you accept credit cards, or really any form of payment other than cash or check, you need to be in compliance. No ifs, ands or buts about it.

Another myth is that a merchant only has to pass most of the criteria to be compliant. Well, that is not true either. Close only counts in horseshoes and hand grenades. To be PCI compliant you must pass 100% of the criteria. If you fail one criterion, you are not compliant.

A common myth is that only credit card data has to be protected. That is false. Debit card information must be protected the same way credit card information is. Debit cards can be used the same way credit cards can, whether on a POS terminal or online, and thus must have the same level of protection.

Some small business owners just starting out do not believe that they need to be PCI compliant and plan to wait until they grow. If this is you, don’t wait. If you accept credit cards as a payment option, that information can be compromised and the fines can add up. The best way to avoid this is to become PCI compliant immediately. Do not wait until your bank asks or tells you to, either. Be proactive about this.

Some merchants believe that PCI compliance only applies to e-commerce. PCI compliance does apply to e-commerce sites, but if you accept credit cards as a payment option you need to be PCI compliant. That is true whether you have a brick-and-mortar store, run an e-commerce store out of your house, or take cards via your smartphone.

Some merchants treat the Self-Assessment Questionnaire as something where all they need to do is answer yes to the questions and be done with it. That is not the way to go. Doing that did not work on tests in high school and it does not work here. If something happens and it is obvious to everyone that you did not take the questionnaire seriously and were never compliant, the penalties could be serious. It could put you out of business. Don’t risk it; take the questionnaire seriously.

In today’s legalistic world everything gets signed for, and no merchant has to sign anything promising to be PCI compliant, so a merchant does not have to be. Right? That is wrong. PCI is part of the regulations that cover running a business and operating a merchant account. The paperwork promising to adhere to those was signed when you opened an account at a bank. Make it easy on yourself and become PCI compliant now.

Stay tuned for part 2 after the New Year!