How to Comply With the New Payment Card Industry Data Security Standards
The new Payment Card Industry (PCI) standards, which recently went into effect, are meant to help merchants beef up their data-security practices to better protect their customers’ credit card information — a commendable endeavor, indeed. But figuring out how to actually comply with the standards has left many merchants scratching their heads. Following are the answers to frequently asked questions about the standards.
What is PCI? It’s a new, unified set of data-security standards from the Visa, MasterCard, American Express and Discover card companies. Until this year, each card company had its own data-security standards. PCI, then, is a way for merchants to complete one data-security auditing process annually, and have that process be recognized by all the major card companies.
Who is expected to adhere to the new standards? Any merchant or service provider that stores, processes or transmits credit cardholder data is expected to comply with the new PCI standards. This applies to catalogers, etailers and brick-and-mortar retailers. The necessary steps you must take depend on how many credit card transactions you process annually.
The standards have been passed down by the card associations to acquiring banks, such as First National Merchant Solutions and Litle & Co., both of which count many catalogers and etailers as clients. The acquirers, in turn, are mandated to ensure their clients/merchants comply with the PCI standards.
Why was PCI instituted? It’s intended to help protect both consumers and merchants from data-security breaches. Its purpose is to reveal to merchants the vulnerabilities in their credit card processing methods, and to encourage them to fix such problems before hackers and criminals discover them.
Is the auditing process mandatory? Yes, for all merchant levels except Level 4, for which it is done at the discretion of the merchant’s acquiring bank, says Bob Botelle, vice president of customer service at Litle & Co., Lowell, Mass.