PCI Compliance
We have been receiving numerous calls about PCI DSS Compliance. It can seem confusing and frustrating, so we will try to give you a simple explanation.
PCI is the set of basic practices that you would hope everyone who accepts credit cards follows. By becoming PCI Compliant, you are not only protecting your customers' private information, but you are also helping to reduce fraud and keep merchant rates low for all businesses.
All merchants that accept major credit cards must be compliant.
All merchants are required to be PCI Compliant. Merchants at smaller transaction levels are able to complete a Self-Assessment Questionnaire (SAQ). There are several SAQs, depending on your card acceptance practices.
This page will tell you which merchant category you fall under. Your Merchant Service Provider should be able to help you decide which form to use for your business and help you become PCI Compliant.
Please note that if you store your customers' credit card data in a computer or other electronic device, you will be required to use form D.
If you use a PIN pad, you must make sure that it is an approved PED. A list of approved PEDs can be found here. If you are unsure about your PIN pad, contact your MSP.
Once you complete the SAQ, you will need to fill out the Attestation of Compliance and send it to your Merchant Service Provider. If you are not sure who your MSP is, you should be able to find their number on your monthly Credit Card Merchant Statement.
Terminology
MSP – Your Merchant Service Provider. This is the company that processes your credit card transactions. Their number can be found on your Merchant Statement.
PCI – Payment Card Industry
PED – PIN Entry Device (normally a PIN pad for entering debit card PIN numbers)
DSS – Data Security Standard
SAQ – Self-Assessment Questionnaire
For more information visit The PCI Security Standards Council’s Website.
