Quick Links
CRM Login | Gift Cards | Elev8 App (IOS) | Elev8 App (Android)
PCI Compliance for Merchant IDs Starting With:
PCI Compliance
In the world of credit card processing and merchant services, there is a great deal of confusion about what PCI compliance is and what we are all supposed to do about it. Merchant service providers are constantly fielding questions from their merchants who do not understand what their role is in the compliance process.
PCI Compliance is about several distinct groups working together toward one main goal of protecting consumer credit card information from thieves. With the steady increase of fraud over the past decade, the payment card industry giants came up with something called PCI DSS. This stands for Payment Card Industry Data Security Standards. In other words, it is a set of guidelines that we all need to follow to protect consumer credit card information from fraudsters.
Everyone has a defined role in the compliance process:
The card associations (Visa, MasterCard, Discover, AmericanExpress) created the PCI Security Standards Council who is responsible for creating the payment card industry data security standards.
The credit card processors and merchant service providers are responsible for creating programs to help their merchants validate compliance. Typically merchant service providers use a third party company generically called a QSA ASV (Qualified Security Assessor, Approved Scanning Vendor) to administer an online questionnaire for the merchant to take. This questionnaire walks a merchant through what steps are necessary to protect their customer’s credit card information.
The salespeople are often the direct link between a merchant service provider and their merchant. It is their responsibility to become educated on what PCI compliance is and how it directly affects their merchants.
It is the merchant’s responsibility to ensure that their credit card acceptance practices meet or exceed the standards in the PCI DSS. The only way they can do this is by taking the questionnaire to determine if they have any practices that need to be eliminated. On the flip side, this also allows a merchant to determine if they need to be doing more to protect their customer’s credit card information.
The bulk of the confusion for merchants stems from the breakdown in communication about PCI compliance between them and their merchant service providers. Most agents do not understand the basics of PCI compliance. This is because most merchant service providers are not mandating that their agents take a class to understand the basics. The typical way merchants are introduced to PCI compliance goes something like this. They get their bank statement with a new fee on it. They then ask their agent/merchant service provider what that charge is for. The agent does not know, so they call the merchant service provider that they work for to find out what the fee is for and why their merchant was charged for it. The merchant service provider then lets the agent know that the merchant should have known months ahead of time about the fee and the reason for it because it was printed on the monthly statement the merchant gets. We all know most merchants do not read the words on their statements. They are simply skimming it to see if the number looks normal.
We feel it goes without saying that merchant service providers can do a better job of educating their agents about PCI Compliance. Additionally, it would make sense for them to create a better system for getting the basic information about PCI Compliance out to their merchants in a way that the merchant will digest that information. As a business owner, it makes sense to take a moment and read your statements for all new information that will have an impact on your credit card processing.
PCI Compliance is a relatively new phenomenon in the credit card processing industry; however, it is here to stay. Fraud is a very serious concern and it has been suggested that with the adoption of newer technologies in other countries, such as the use of an EMV chip in credit cards (replaces the easily manipulated magnetic data strip on US credit cards), fraudsters will be turning to the US market in swarms. Only time will tell if this will actually happen. For all of us in the credit card processing industry from the industry big boys down to the merchants, we have to work together to keep fraud at bay. This all starts with knowing where our weaknesses are and how to use best practices in order to protect our consumer’s credit card information. The first step is to ask your merchant service provider how your business can become compliant.
For more detailed information about PCI DSS and the PCI Compliance process you can visit the official PCI Security Standards Council website at www.pcisecuritystandards.org