There is a lot of confusion out there about PCI compliance. I have asked our partners at X-Charge Credit Card Processing Software to kind of help us out and keep us up to speed. They put together this article on PCI compliance. It is a fairly easy read and quite informative. Hope you like it.
Frequently Asked Questions (FAQ)
Q: Are the PCI DSS standards and requirements a law?
A: Maybe. They are standards that were created and are enforced by the major payment card brands who established the PCI SSC: American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. Historically, enforcement has been contractual, with fees, fines and tort as the major points of liability for a merchant. However, recent legislation may make compliance legally mandated for some merchants. Nevada was the first state to pass legislation requiring that all merchants achieve and maintain compliance with PCI security standards.
Q: Where can I find the PCI Data Security Standards?
A: The Standard can be found on the PCI SSC's Website:
Q: If I only accept credit cards over the phone, does PCI still apply to me?
A: Yes. All businesses that store, process or transmit payment cardholder data must be PCI compliant.
Q: Do organizations using third-party processors have to be PCI compliant?
A: Yes. Merely using a third-party company does not exclude a company from PCI compliance. It may cut down on their risk exposure and consequently reduce the effort to validate compliance. However, it does not mean they can ignore PCI.
Q: Are debit card transactions in scope for PCI?
A: In-scope transactions include all transactions originating from debit, credit, and pre-paid cards branded with one of the five card association/brand logos that participate in the PCI Security Standards Council: American Express, Discover, JCB, MasterCard, and Visa International.
Q: What are the penalties for noncompliance?
A: The payment brands may, at their discretion, fine an acquiring bank $5,000 to $100,000 per month for PCI compliance violations. The banks will most likely pass this fine downstream to the merchant. Furthermore, the bank will most likely either terminate your merchant processing relationship or increase transaction fees. Penalties are not openly discussed nor widely publicized, but they can be catastrophic to a small business. It is important to be familiar with your merchant account agreement, which outlines your exposure.
Q: What if a merchant refuses to cooperate?
A: PCI is not, in itself, a law. The standard was created by the major card brands such as Visa, MasterCard, Discover, AMEX, and JCB. At their acquirers'/service providers' discretion, merchants that do not comply with PCI DSS may be subject to fines, card replacement costs, costly forensic audits, brand damage, etc., should a breach event occur. For a little upfront effort and investment to comply with PCI, you as a merchant greatly reduce your risk of facing these extremely unpleasant and
Horizon RV Resorts
Horizon is a customer of ours. It is a campground management company owned and run by Mr. Randy Hendrickson. They offer anywhere from full park management options to their new flex plan option. Check out their latest press release here. We have had Randy and his group as a customer for a long time and this is our way of saying thanks. So if you are in the market for his expertise please give him a call at 623.535.5151 or send him a note. Thanks.