
Understanding the Basics of PCI Compliance

The Payment Card Industry Security Standards Council (PCI SSC), composed of Visa, Mastercard, American Express, Discover and JCB, is in charge of establishing minimum safety standards for how credit card payment information is captured, sent, processed and stored. Remaining compliant with these guidelines is mandatory for all organizations that handle credit card data of any kind.

Even if you run a nonprofit that collects card-based donations for worthy causes, you still have to make sure your payment environment is PCI compliant — because, left unchecked, credit card fraud creates a host of problems for everyone involved:

  • Fraudulent losses and penalties are expensive.
  • Security breaches diminish consumer confidence.
  • Customers/donors spend less money.
  • Businesses generate fewer sales.
  • Governments collect less tax revenue.

Different Levels of PCI Compliance

The Payment Card Industry has established four compliance levels based on your processing volume and how you choose to accept payments.

  • Level 1: If you process more than 6 million transactions annually, regardless of how you accept those credit card payments (online, in person, over the phone, etc.)
  • Level 2: If you process between 1 million and 6 million credit card transactions annually, regardless of how you accept those payments
  • Level 3: If you process between 20,000 and 1 million e-commerce card-based transactions annually
  • Level 4: If you process fewer than 20,000 e-commerce transactions annually or if you process up to 1 million offline sales every year

If you’re like most small business merchants, you likely qualify for Level 4 PCI compliance, which has some of the simplest rules.

Even so, it’s best not to take any chances.

Before getting started, you should consult with a Qualified Security Assessor (QSA) who can advise you on the most appropriate PCI compliance level. Our merchant services team may also be able to help.

Keep in mind, however, that PCI compliance is a process and not a one-time fix. So you’ll need to revisit the guidelines periodically to make sure you’re following the latest security standards — as your business continues to evolve, your level may change accordingly.

How Do You Become PCI Compliant?

Unfortunately, there is no one-size-fits-all approach to PCI compliance tools and guidelines. The rules that a Level 1 merchant has to follow are very different from those that a Level 3 merchant must use.

By using the free resources below, you can easily identify the compliance steps best suited for your particular business. The sooner you begin, the better. Remember, payment fraud is a very serious problem that will only become worse over time.

If you have questions about becoming PCI compliant, don’t hesitate to contact our merchant services team today.

