Payments security is still a hot topic in the press, and that’s not about to change anytime soon.
Everyone’s talking about credit card and point of sale fraud in the US, and companies are taking every opportunity to ride the current wave and introduce new technology to help eliminate these problems. We’ve discussed the emergence of EMV and Apple Pay among others, but let’s back up a bit and explore the role of the PCI Security Standards Council in maintaining security for merchants and consumers everywhere. Even if you aren’t exactly familiar with PCI compliance, it should certainly be something that you look for when choosing your POS software and equipment. Here’s everything that you need to know about PCI compliance, and what ShopKeep does to ensure that your business is safe.
What is PCI compliance?
PCI compliance is the term used to indicate that a business complies with the payments security requirements established by the Payment Card Industry Security Standards Council.
I know, that sounds very confusing, but it’s actually very simple. In 2006, the top payment card companies, Visa, Mastercard, American Express, Discover and JCB, formed a group called the Payment Card Industry Security Standards Council (PCI SSC) to create and enforce a universal security standard for payments, for all businesses to follow. This security standard known as the PCI DSS (Payment Card Industry Data Security Standard), ensures that all companies that process, store, or transmit any credit card information follow certain protocols to help maintain a secure environment. That means that every company from your processor and your point of sale software maker, to your payments hardware manufacturer is held to this same exact security standard. A copy of this written standard is available for anyone to view right on the PCI SSC website.
Why is it important for your business?
The standard was established to make sure that all companies that have a hand in your payments process are held accountable for their role in contributing to breaches. More importantly, it helps business owners and consumers know that the companies that they engage with are taking the necessary steps to ensure the safety and security of their personal information, and that of their customers.
It’s important to note that as a business owner, it is not just your processor or point of sale company that is required to be PCI compliant, but you as well. Because you accept credit card transactions and collect sensitive customer information through your POS system or card terminal, you too are held to this standard. If you fail to be compliant, you are sometimes subject to fees from your bank or processor in the event of fraud. Banks and processing companies are often fined as high as $100,000 per month for compliance violations, and some of those costs are handed down to business owners, sometimes without their knowledge. Be certain that your processor is compliant, and always make sure to keep a close eye on your processing fees and transaction activity each month.
What should I look for?
The great news for busy entrepreneurs is that because the standard is universal, the only thing that you really need to look for is that each entity that you deal with for payments is compliant. So for example, if you process transactions with your bank but use a POS system to do so, then you should make sure that the processor (bank) is compliant, as well as the POS software company – oh, and the maker of the hardware that you swipe credit cards on.
I use ShopKeep…What do I need to do ensure PCI compliance and security?
The short and sweet answer is nothing. ShopKeep and all of our hardware partners are PCI compliant. Our credit card swipers immediately encrypt the sensitive customer information at the point of swipe and send it to your processor for immediate authorization. So unlike many other existing point of sale systems, ShopKeep does not store any payment information to authorize and process later. All we ask of you is that once a year, you complete a brief questionnaire that makes sure you understand the basics of PCI compliance yourself.
Note: If you use ShopKeep but process payments through a company other than ShopKeep Payments, then you should make sure that they are not charging you any PCI compliance fees.
That should cover all of the basics of PCI compliance for you. Get in the habit of looking for PCI certification anytime you’re considering a new company for processing or point of sale. Let us know if you have any questions about PCI compliance in the comments section below.