
PCI Data Security: The #1 Misconception That Can Harm Your Business and Its Reputation

There’s a common misconception about PCI compliance that, if not addressed, can seriously harm the very business and professional image you’ve worked so hard to build.

The misconception? That your business does not need to become PCI compliant and renew its certification each year.

It’s easy to see how this misconception could come about. Most small businesses use business management software and work with a third-party merchant services provider, like Constellation Payments, to help run their business.

Yes, the software provider is PCI-certified, and the merchant services provider is also PCI-certified.

However, working with PCI-certified vendors does not exempt a business from having to demonstrate its own compliance. All businesses that participate in the payment transaction process must adhere to PCI compliance standards, and that process includes more than running payments through your software.

The payment transaction process includes how credit card and debit card payment information is handled at the front desk in fitness clubs and gyms, at the counter in salons and spas, on a tablet for on-the-go businesses like personal training, at the register in a retail store, and so on.

How Do I Get My Business PCI-Certified?

To become PCI-certified, your business must complete the self-assessment questionnaire annually.

Fortunately, there are many resources to help with PCI certification – ones that make it a relatively pain-free process.

At Constellation Payments, as part of our solution, each merchant is enrolled in the PCI Plus Protection Program, which is provided by the well-known Qualified Security Assessor (QSA) Sysnet.

What’s great about this program is that you get hands-on help. The team at Sysnet will guide you through the entire process to help you complete your self-assessment questionnaire (SAQ). And they’ll confirm all answers.

Once the questionnaire is completed, you’ll be able to download your validation certificate and then send the certificate to your merchant processor to have on file.

What Happens if My Business Isn’t PCI-Certified?

1. You could lose the ability to accept credit cards.

If there are possible breaches of card association regulations, the card brands could revoke your right to process credit cards.

2. You could get hit with a big financial loss.

Non-PCI-compliant merchants can face fines of up to $500,000.00 in the event of a data breach.

In addition, PCI non-compliance can result in penalties ranging from $5,000 to $100,000 per month imposed by the credit card companies. These penalties depend on the volume of clients, the volume of transactions, the PCI-DSS level the company should be on, and how long the company has been non-compliant. For example, the penalties for a Level 1 company that has not met the requirements for more than 7 months could reach up to $100,000 monthly.

Merchant level identification is based on the total volume of transactions per year. See VISA’s site for details on each level and its requirements.

3. You could lose clients and business.

All it takes is one data breach – no matter its size – to damage your business financially and inflict irreparable damage to your business reputation.

4. You’ll be subject to monthly non-compliance fees.

US businesses that have not completed their annual self-assessment questionnaire, and have not demonstrated PCI-DSS compliance, are subject to a $59.99 per month non-compliance fee.

At Constellation Payments, this fee is meant as an incentive to complete your PCI compliance self-assessment questionnaire to ensure you’re handling and processing credit and debit card payments in a safe and secure manner. Once a merchant has completed their questionnaire demonstrating compliance, the fee drops to $0.

The Benefits Beyond Data Security

Being PCI compliant doesn’t just ensure your business is following the rules and regulations. PCI compliance also helps your business growth and reputation. When they know your systems are secure, consumers can trust you with their sensitive information and have confidence that it is safe and protected.

Confident customers who trust you are more likely to do business with you again and become loyal, repeat shoppers. They’re also more likely to recommend you to their friends.

Another key benefit of compliance: it improves your reputation with acquirers (banks and financial institutions that process credit and debit cards on your behalf).

Compliance also improves your reputation with payment brands such as VISA and MasterCard.

The Small Time Investment to Become PCI Compliant is Well Worth the Big Gains in Consumer Confidence and Peace of Mind

While it does take some time and effort to become PCI-compliant, it’s well worth it to gain customer trust and confidence — and avoid catastrophic data breaches that can destroy your business.

Not PCI compliant? Make today the day you become certified to protect your livelihood.

Or as the PCI Security Standards Council website so aptly states, “You’ve worked hard to build your business — make sure you secure your success by securing your customers’ payment card data.”
