The Payment Card Industry (PCI) Data Security Standard sounds like a dry subject. And it is – until a non-compliant business faces bank fines, penalties, investigations, lost sales, or even lawsuits after a data breach. PCI Compliance helps to protect businesses and their customers from data theft and credit card fraud.
Payments fraud is a serious and growing problem. In the U.S., card fraud alone totaled $7.1 billion in 2014. And every dollar of fraud costs merchants a total of $3.08. Learn about the payment methods most susceptible to fraud, the key causes, and some of the ways businesses can fight back.
E-Complish is a Level 1 PCI Compliant payment partner that provides payment solution technology to companies all across the globe. From Text2Pay to MobilePay to DirectPay, E-Complish offers unique solutions to fit any business model – regardless of size or industry – taking the hassle out of PCI Compliance Rules and Regulations for your financial department while reducing costs and liability.
Depending on the size of the company, PCI Compliance can cost between tens of thousands to millions of dollars. The initial costs may seem high, but even the set-up fees don’t account for surprise charges that come along when your company must pay for additional adjustments to abide by these strict standards.
Becoming PCI Compliant can take up to two full years, and the certification renewal process can take up to six months. While waiting those two full years, your company and your transactions are not PCI Compliant – leaving your customer vulnerable to security risks and your company vulnerable to fines levied by the card companies.
From installing new servers to setting up new divisions in your company, PCI Compliance takes hundreds of hours to implement and maintain. In addition, resources must be delegated to maintaining PCI Compliance security standards, decreasing bandwidth and reducing productivity.
Not all payment processors are compliant with the levels that your company will need. Insist on seeing their Attestation of Compliance (AOC). The AOC document was specifically created by the PCI DSS Council to provide proof of compliance standards and their compliance level. To get an AOC, the payment processor must be assessed by a QSA (Qualified Security Assessor) to verify compliance. Only a QSA can sign off on a Service Provider’s AOC. Alternatively, you can verify their compliance by visiting the Visa and MasterCard websites of Compliant Service Providers. Below is a sample of rules set by Visa that Service Providers, like E-Complish, must maintain:
The Payment Card Industry Data Security Standard, or PCI Compliance, is a set of regulations that govern all merchants who process credit and debit card transactions. The larger the merchant, the more strict the standards that govern them. Some companies attempt to adhere to these security standards on their own. This has huge drawbacks for resources considering both the cost and the time it takes to become PCI compliant. Some decide to outsource the headache and cost to PCI Compliant Service Provider like E-Complish. The below chart is the rules associated with Merchants level. Your level will determine which level of PCI Compliance you must maintain:
Are you a Level 1 Merchant?
Any merchant — regardless of acceptance channel — processing over 6M Visa transactions per year. Any merchant that Visa, at its sole discretion, determines should meet the Level 1 merchant requirements to minimize risk to the Visa system.
Level 1 Merchant Requirements
Level 1 merchants should engage a Qualified Security Assessor to complete the Report on Compliance and provide the report to their merchant bank. Alternatively, merchant banks may elect to accept the Report on Compliance from a Level 1 merchant’s Internal Security Assessor, provided that a letter signed by a merchant officer accompanies the report. Level 1 merchants must also submit the latest PCI DSS AOC – Merchants form completed by their assessor to their merchant bank. Merchant banks must submit the latest PCI DSS AOC – Merchants form and a letter accepting the merchant’s full compliance validation to Visa upon receipt and acceptance of the merchant’s validation documentation.
Are you a Level 2 Merchant?
Any merchant — regardless of acceptance channel — processing 1M to 6M Visa transactions per year.
Level 2 Merchant Requirements:
The PCI DSS Self-Assessment Questionnaire (“SAQ”) must be completed by Level 2 and 3 merchants.
Are you a Level 3 Merchant?
Any merchant processing 20,000 to 1M Visa e-commerce transactions per year.
Level 3 Merchant Requirements:
The PCI DSS Self-Assessment Questionnaire (“SAQ”) must be completed by Level 2 and 3 merchants.
Are you a Level 4 Merchant?
Any merchant processing fewer than 20,000 Visa e-commerce transactions per year, and all other merchants — regardless of acceptance channel — processing up to 1M Visa transactions per year.
Level 4 Merchant Requirements:
Level 4 merchants may be required to complete the applicable PCI DSS SAQ as specified by their merchant bank.
Make it easy and eliminate the headache of PCI Compliance. Visit our Solutions tab to learn which E-Complish solutions are right for your business, and install a PCI Compliant E-Complish payment processing solution today.
Contact a member of our Sales team for an online demo of our VirtualPay system and payment processing products.
