Being “PCI Compliant” means that a business is following all of the rules to keep business and client information safe while processing credit cards. Compliance with PCI standards is required of all companies that store, process, or transmit cardholder data, and it applies to all acceptance environments, including retail (face-to-face), mail/telephone order, and e-commerce.
What is PCI?
PCI-DSS is a set of technical and operational standards designed by the Payment Card Industry Security Standards Council to protect cardholder data. The Council is made up of Visa, Mastercard, Discover, American Express, and JCB.
Why is PCI
A typical data security breach costs a small business merchant between $25,000 – $50,000, but can be much higher depending on how many card numbers were compromised. Non-compliance makes a business vulnerable to fraudulent activity and data breaches.
92% of cardholder data breaches occur in small business locations. They aren’t the breaches we hear about on the news, but they are the most common. PCI-DSS compliance is mandated by the card associations. The standard is overseen by an independent council of the five major card brands: Visa, MasterCard, American Express, JCB, and Discover.
Who needs to become PCI compliant?
If you accept credit cards as a method of payment for goods or services, you must comply with the PCI Data Security Standards.
How do I become compliant with PCI-DSS?
We have teamed up with security companies to provide you with a program to become PCI compliant. Register today to get certified.
As a consumer, you probably worry about data breaches, like the one that resulted in 40 million card numbers being stolen from Target. Well, as a result of recent Mastercard and Visa changes, you now need to worry as a business owner too. But if you have a chip card reader, you are protected! You might not have realized it, but October 1, 2015 was a big day for businesses across America. That was the day that businesses were expected to use chip readers instead of swiping, all in the name of beefed-up security.
Credit card issuers like Mastercard and Visa transferred the fraud liability to any merchant that was not using a chip reader. This meant that if you swiped a card and it was used fraudulently, you, the merchant, would be liable.
What is EMV?
EMV stands for “Europay, MasterCard and Visa.” EMV set out to create worldwide standardized protocols for “integrated circuit” cards and the hardware necessary to accept these cards. EMV cards are also known as chip cards. In 2005 chip cards became the status quo in Europe, and in 2012 Canada joined. These chip cards are manufactured with a small integrated chip in the card. Payment data is read from this chip instead of from the magnetic stripe.
How does the EMV payment terminal protect against fraud?
The magnetic stripe on traditional credit and debit cards stores unchanging data. Whoever accesses that data gains the sensitive card and cardholder information necessary to make purchases. That makes traditional cards prime targets for counterfeiters, who convert stolen card data to cash. Unlike magnetic stripe cards, the chip generates a unique cryptogram for every authorization, making it theoretically impossible to duplicate an approval code to commit fraud. If a hacker stole the chip information from one specific point of sale, typical card duplication would never work because the stolen transaction number created in that instance would not be usable again and the card would be declined.
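A simplified model of the per-authorization cryptogram described above, as an added example that is not part of the original page. HMAC-SHA256, the class names and the message fields are assumptions standing in for the real EMV algorithms, and the card number and key are constructed test values.

```python
import hashlib
import hmac
import os

# Stand-in for the card's cryptogram function (assumption: HMAC-SHA256, not the EMV algorithm).
def cryptogram(key, pan, counter, amount_cents, nonce):
    msg = f"{pan}|{counter}|{amount_cents}|{nonce.hex()}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class ChipCard:
    def __init__(self, pan, key):
        self.pan, self._key, self.counter = pan, key, 0  # key never leaves the chip

    def authorize(self, amount_cents, nonce):
        self.counter += 1  # a fresh counter value for every authorization
        tag = cryptogram(self._key, self.pan, self.counter, amount_cents, nonce)
        return {"pan": self.pan, "counter": self.counter, "amount": amount_cents,
                "nonce": nonce, "cryptogram": tag}

class Issuer:
    def __init__(self, keys):
        self.keys, self.last_counter = dict(keys), {pan: 0 for pan in keys}

    def verify(self, req):
        key = self.keys.get(req["pan"])
        if key is None:
            return "declined: unknown card"
        expected = cryptogram(key, req["pan"], req["counter"], req["amount"], req["nonce"])
        if not hmac.compare_digest(expected, req["cryptogram"]):
            return "declined: bad cryptogram"
        if req["counter"] <= self.last_counter[req["pan"]]:
            return "declined: replayed counter"
        self.last_counter[req["pan"]] = req["counter"]
        return "approved"

def demo():
    pan, key = "4111111111111111", os.urandom(32)  # constructed test values
    issuer, card = Issuer({pan: key}), ChipCard(pan, key)
    captured = card.authorize(2500, os.urandom(4))  # nonce: terminal's random value
    outcomes = [issuer.verify(captured)]            # genuine purchase
    outcomes.append(issuer.verify(dict(captured)))  # same message presented again
    outcomes.append(issuer.verify(dict(captured, counter=2, amount=99900)))  # edited copy
    outcomes.append(issuer.verify(card.authorize(1200, os.urandom(4))))  # next genuine purchase
    return outcomes

if __name__ == "__main__":
    print(demo())
```

A magnetic stripe has no equivalent of the counter or the key, which is why a copy of its static data is accepted in the same way as the original.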