5 Myths of PCI Compliance

Monday, May 3, 2021

Years ago, when I thought of the word 'Compliance' it would conjure up memories of childhood rules or conforming to some rigid set of expectations.  Even dictionary.com's definition harkens back to a time before credit card fraud completely altered the meaning.

com·pli·ance

[kuhm-plahy-uhns] noun
 
1. The act of conforming, acquiescing, or yielding.
2. a tendency to yield readily to others, especially in a weak and subservient way.
3. conformity; accordance: in compliance with orders.
4. cooperation or obedience: Compliance with the law is expected of all.

Today compliance means something totally different to me and if you own a business that accepts credit cards, you know what I am talking about!  With credit card fraud amounting to organized crime and card breaches affecting millions of people across the world, it was not surprising that some form of protection or 'compliance' standards were put into place. What is surprising is the amount of MISinformation available regarding PCI Compliance.  

Here are 5 PCI Compliance MYTHS- if you need ANY assistance or additional information, please give our team a call at 888-249-9919!
  • 1.  We don't take enough credit cards to be PCI compliant

No matter how many credit cards you accept, every business must become PCI compliant.

  • 2. PCI compliance is the same no matter how I accept credit cards

How you accept credit cards determines what assessment you need to take and what additional actions you need to take.  Be sure that things like Mobile Processing, Processing over the Internet, and using a basic Analog terminal can alter your steps for compliance. (just to name a few)

  • 3. PCI compliance makes us store cardholder data

PCI regulations prohibit keeping cardholder data that is stored on the magnetic stripe or chip of a credit card. If necessary for business, merchants are allowed to save the information found on the front of the card, such as the name and account number. If a business needs to save this information, it must be encrypted and unreadable.  It is ALWAYS best practice NOT to store card data!

  • 4. PCI compliance is too hard

PCI compliance does take time and energy for each business to meet all the requirements.  The protection you receive from keeping up-to-date on the security of your credit card processing is significant. If there is a security breach of cardholder information and the business is not compliant, Visa fines up to $500,000 per incident. Taking the time to become compliant and remaining vigilant about securing cardholder information from theft will not only protect your company in case of a security breach but will also build trust in your customers.

  • 5. PCI compliance will make us secure

After completing all the PCI compliance requirements your company is secure, but only for that moment. Cybercriminals are always changing their techniques, trying to find a weak spot in the system to steal information. Merchants must be diligent in preventing cardholder data theft by continually preventing, detecting, and reacting to security incidents.

Compliance still brings up thoughts of adhering to rigid expectations. Educating yourself about compliance can debunk many of the myths that we run into on a daily basis and remove the 'overwhelming' feeling that often accompanies the thought of becoming PCI Compliant.

Cheri Perry 5/3/2021