Does your organization already accept debit and credit cards? If the answer is yes, you need to follow the Payment Card Industry Data Security Standard (PCI DSS).
The purpose of PCI DSS is to set a single worldwide information security standard for every business that processes or stores credit card and customer data. The standard is revised every few years; the most recent review was in late 2010.
In a study done by the National Retail Federation (NRF), most businesses stated that they care about the security of their customers and think that keeping their clients' information safe is good for business. However, less than half of the respondents claim to be PCI compliant. It is no surprise that maintaining an up-to-date security system and securing clients' information can be costly and time consuming, but a data breach can be detrimental to a business and even cause it to shut down completely.
So what can a business do to protect its customers’ card information?
Encryption
One of the most important things a business can do to protect a cardholder’s information is encrypt the data from the moment it is swiped at the payment terminal, typed into a keypad, or submitted online. Once the credit card data has been pulled, it should remain encrypted all the way to the processor.
The point of encryption is to make the data practically useless to a thief who manages to intercept it. Anything sent unencrypted, in plain text, can be read and stolen by anyone who intercepts it.
Limit the Cardholder Data Environment
Every place where you store customer data related to credit cards is part of the “Cardholder Data Environment,” or “CDE” for short. This can be a computer, a file cabinet, or anywhere else. Wherever you store customer credit card data, it must be protected for you to be PCI compliant. By keeping the CDE as small as possible and limiting who can access it, you protect your clients and make staying within the compliance requirements easier.
Tokenization
As an add-on to encryption, tokenization assigns a unique number (a token) to each transaction and keeps the real card data on a secured central server. The token replaces the credit card number and customer data in the merchant’s records, and later transactions such as returns and recurring charges are referenced and posted using the token. The token itself is a random number assigned to that particular data set and is worthless to outside entities; it serves only as a reference to prior transactions.
With tokenization, customer data does not need to be stored locally, which adds another level of security: the sensitive information is secured in one central location while the tokens become the “public face” of the transactions.
Outsource
Finally, an organization that wants to be PCI compliant but does not have the time or money to invest in it can work with a third-party provider that offers PCI compliant equipment and payment gateways. With an outside PCI compliant payment processor, transactions are encrypted and assigned a token automatically, with no extra work for the merchant. To find a PCI compliant provider, check out our recommended credit card processors.
See the PCI Compliance Self-Assessment Questionnaire (Retail).
See the PCI Compliance Self-Assessment Questionnaire (E-commerce).
About The Author
In the late 2000s, as a broke college student struggling to make ends meet, I was contacted by a merchant services company after uploading my resume to a job listings website. This company promised substantial commissions and ongoing residual income for simply persuading businesses to accept credit card payments. It seemed straightforward enough—after all, what business doesn’t need to process credit card payments? Following a phone interview with a persuasive “sales director,” I found myself embarking on what I believed would be an easy job that would significantly boost my bank account with reliable monthly income and large sales commissions. However, the lessons I learned would profoundly change my life in ways I could never have imagined.
After completing my sales training, I hit the ground running, eager to make sales. This broke college student was determined to improve his financial situation! My first attempt at a cold call, with no prior appointment, ended with a burly man in his 50s yelling at me to leave, claiming he had been “totally robbed” by someone like me before. As I hastily exited, puzzled and intimidated by his reaction, I couldn’t help but wonder what he meant. Throughout the day, I encountered similar hostility from other business owners, all expressing disdain for the industry I had been so excited to join that morning. Confused and curious, I decided to shift my approach from selling to listening.
I quickly uncovered that the merchant services sector was riddled with unethical practices, including hidden fees, deceptive marketing, fine-print traps, and much more. It dawned on me that I had nearly been tricked by a dubious company into selling overpriced services under contracts with long-term commitments, all without being fully aware of what I was promoting. Outraged, I resigned from that company but learned that there were indeed ethical credit card processing companies that treated their clients fairly. Over the next four years, I worked for one such company, assisting hundreds of businesses in securing cost-effective processing solutions. Yet, I also met many more who had been misled and trapped in onerous service agreements. Determined to help people steer clear of these unscrupulous providers, I launched this website in my spare time, dedicating myself to researching and sharing my findings on every merchant account provider I could investigate.
Gradually, more and more business owners began to discover my articles. As word spread, search engines started to rank my content highly, amplifying its reach. My efforts were making a difference! Eventually, the website garnered enough traffic to enable me to leave my job and focus on it full-time, a journey that has now spanned over a decade. This path has not been without its challenges; unscrupulous company owners have tried to intimidate and sue me into silence on several occasions. Yet, I have stood firm against each threat. Here I am, continuing to publish reviews and articles, hoping to safeguard others from the pitfalls of the credit card processing industry.
If you believe in my mission and wish to contribute, please share my articles on your websites and social media. Thank you for visiting!
Copyright
Copyright © 2024 CardPaymentOptions.com, Inc. (Digital Fingerprint: 0d38c6720f0d78a701b74d58653af608).
Any unauthorized copying and reproduction of the content of this page, including all meta data and computer code, is strictly prohibited. While the information in the above article is believed to be accurate as of its publish date, the author and publisher make no representation or warranties with respect to the accuracy, applicability, fitness, or completeness of the contents. The author and publisher shall in no event be held liable to any party for any direct, indirect, punitive, special, incidental or other consequential damages arising directly or indirectly from any use of this material, which is provided “as is,” and without warranties. Any and all use of trade names and/or marks are for identification purposes only and shall not be construed as a claim of affiliation, or otherwise, with CardPaymentOptions.com, Inc. ("CPO") in any form. The sole purpose of the material presented herein is to alert, educate, and inform readers. It is not intended as legal or financial advice. We may earn revenue if you obtain services from a provider that we recommend. See this page to learn how we support our operations.