Accepting credit card payments is a necessity for businesses in this day and age. It’s also an incredible responsibility. When consumers give their credit cards to merchants, consumers believe that the systems merchants have in place will be secure enough to protect their sensitive information from thieves and other cybercriminals. In order to protect the faith consumers have in merchants, the Payment Card Industry Security Standards Council has created data security standards that any business accepting credit card payments must follow. When businesses fail to comply with these PCI standards, there’s much more at stake than potentially exposing consumers’ sensitive information to the wrong parties. They also run the risk of being hit with fines that can reach $100,000 per month; as well as their banks raising the fees they charge those businesses to process transactions. A business that is not in compliance with PCI also may be liable for losses due to fraud and other financial losses. Simply put, a business cannot afford to be noncompliant with PCI standards, especially considering that the average cost of a data breach is $4 million.
If you’re concerned about whether or not your business is PCI compliant, it’s worth looking into it and making sure you haven’t fallen prey to some of the most persistent myths about PCI compliance. For example, no matter how many transactions your business handles in a year, PCI compliance is still required by your bank. Even businesses that handle only a handful of credit card transactions are vulnerable to cyberattacks, so being PCI compliant is something businesses of every size need to make a priority. Relying on an outside vendor to process credit cards doesn’t exempt your business from PCI compliance, either. You must still confirm that your vendor is following the PCI standards or risk being noncompliant. PCI compliance applies to debit cards and prepaid gift cards as much as credit cards, too, so it’s important to be aware of how your business may be impacted.