Being PCI Compliant

When you take card payments, your number one responsibility is to protect your customers’ cardholder data. PCI compliance ensures that you implement ‘best practice’ across your business.

Protecting customers' data

If your business stores, processes, or sends any payment card information, then you must be PCI compliant. Otherwise you could face significant fines and, in some circumstances, expulsion from card processing networks and cancellation of your agreement.

As a merchant, your number one responsibility is to protect your customers’ cardholder data. PCI compliance ensures that you implement ‘best practice’ across your business to achieve this.

PCI compliance may, on the face of it, appear time-consuming and seem to involve unnecessary effort, but it is extremely important and may prevent issues which could cost your business dearly.

PCI Compliance Standards are mandated by the card schemes, such as Visa, MasterCard and American Express, and run by the Payment Card Industry Security Standards Council. The standard was created to increase controls around cardholder data in order to reduce credit card fraud. Your PCI requirements will depend on which merchant level you fit into; there are 4 Levels.

The benefits of being PCI Compliant

The benefits of being PCI compliant include:

  • Customer trust - PCI compliance means you have successfully configured your systems and that your processes are sufficient to support the requirements set by the industry. This means customers can trust you with sensitive payment card information, so they are more likely to become loyal customers and recommend you to others.
  • Improved reputation - with your customers, acquirers and payment card schemes.
  • Reduced chance of negative publicity - you are less likely to have a data breach, which would severely damage your reputation, your customer relationships and your ability to conduct business, ultimately impacting adversely on sales and possibly incurring payment card issuer fines.

PCI compliance does not guarantee that your business will not be affected by fraud or that your website won’t be hacked, but it does mean that you are operating ‘best practice’ as acknowledged by the card payments industry.
