PCI Compliance with different locations for a business

Same day debit processing
February 27, 2018
Online payment portals
March 13, 2018
Same day debit processing
February 27, 2018
Online payment portals
March 13, 2018

Not every business is the same. Your business is probably not structured the same as Wal-Mart or Best Buy and chances are your business does not have the same kind of revenue stream. There is one thing that all of these businesses do have in common and that is they have to be evaluated for PCI compliance.

Large retailers that accept credit cards (and that is pretty much all of them) are particularly vulnerable and receive heavy scrutiny when it comes to PCI compliance. With the recent rash of data breaches it is no wonder why. These businesses present lucrative targets to thieves and criminals and anything that can be done to secure their systems should be implemented and tested. Millions of their customers depend on it.

There is a good chance that you are not a large retailer. You are probably just a small merchant so you cannot afford hundreds of thousands of dollars worth of equipment and software as well as a large cyber security staff. The extent of that staff might even be you. Of course that does not absolve you of responsibility to protect your customer’s information. Thieves know that you have other things to do and could potentially be a target, albeit not quite as lucrative. The damage though can be just as devastating. PCI compliance for your business is just as important.

For merchants that operate out of multiple locations the question is often asked if a yearly PCI validation is required at each location. If a business uses the same Tax ID for each location, primary address and set of IP addresses then only one validation is required for the year. If any of those differ then a validation is required for each location that differs. With each location it is important to stress PCI compliance as well as to make sure that it is implemented. The fines for noncompliance can add up quickly!

The good news is that PCI compliance can be achieved by having the proper equipment in place to protect your customer’s information as well as the proper practices. This can include simple things like keeping your security software up to date to stop instructions or malware, regularly changing passwords and maintaining secure passwords, maintaining a firewall, keeping security settings up to date and making sure that all data is transmitted in an encrypted manner. Software suites like CardConnect can help you with that and working with a trusted processor that will do more than just let you know when you are being fined it important. The process itself does not need to be difficult and simplifying making PCI compliance as easy as possible is something that we strive for a JLE. As a busy merchant you have other things that need your attention as well.