The Payment Card Industry Security Standards Council (PCI SSC), founded by Visa, Mastercard, American Express, Discover and JCB, is responsible for establishing minimum security standards for how credit card payment information is captured, transmitted, processed and stored. Remaining compliant with these guidelines is mandatory for all organizations that handle credit card data of any kind.
Even if you run a nonprofit that collects card-based donations for worthy causes, you still have to make sure your payment environment is PCI compliant — because, left unchecked, credit card fraud creates a host of problems for everyone involved:
- Fraudulent losses and penalties are expensive.
- Security breaches diminish consumer confidence.
- Customers/donors spend less money.
- Businesses generate fewer sales.
- Governments collect less tax revenue.
Different Levels of PCI Compliance
The Payment Card Industry has established four compliance levels based on your processing volume and how you choose to accept payments.
- Level 1: If you process more than 6 million transactions annually, regardless of how you accept those credit card payments (online, in person, over the phone, etc.)
- Level 2: If you process between 1 million and 6 million credit card transactions annually, regardless of how you accept those payments
- Level 3: If you process between 20,000 and 1 million e-commerce card-based transactions annually
- Level 4: If you process fewer than 20,000 e-commerce transactions annually or if you process up to 1 million offline sales every year
If you’re like most small business merchants, you likely qualify for Level 4 PCI compliance, which has some of the simplest rules.
Even so, it’s best not to take any chances.
Before getting started, you should consult with a Qualified Security Assessor (QSA) who can advise you on the most appropriate PCI compliance level. Our merchant services team may also be able to help.
Keep in mind, however, that PCI compliance is an ongoing process, not a one-time fix. You will need to revisit the guidelines periodically to make sure you are following the latest security standards, and as your business evolves (for example, as your transaction volume grows), your compliance level may change accordingly.
How Do You Become PCI Compliant?
Unfortunately, there is no one-size-fits-all approach to PCI compliance tools and guidelines. The rules that a Level 1 merchant has to follow are very different from those that a Level 3 merchant must follow.
By using the free resources below, you can easily identify the compliance steps best suited for your particular business. The sooner you begin, the better. Remember, payment fraud is a very serious problem that will only become worse over time.
- A comprehensive overview of PCI Compliance
- PCI compliance tips for Small Merchants
- BluePay’s free Self Assessment Questionnaire
- The latest PCI compliance changes (2.0 vs. 3.0)
If you have questions about becoming PCI compliant, don’t hesitate to contact our merchant services team today.