Over the last several years the credit card industry has seen an alarming rate of fraud across the various ways of collecting credit card payments. In December of 2004 Visa, MasterCard, American Express, Discover Financial Services and JCB formed the Payment Card Industry Security Standards Council (PCI SSC). In response to this fraudulent activity the payment card industry developed the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS requirements apply to all merchants that store, process or transmit cardholder data. These requirements affect all payment channels, including retail (brick-and-mortar), mail/telephone orders and e-commerce transactions. Achieving PCI compliance has now become an industry standard, and beginning on July 1, 2010 financial institutions, merchants and service providers will be penalized and/or fined if they do not follow PCI compliance mandates. The problem is that the compliance process can be quite cumbersome, and no one, including the payment processing providers, has provided any insight into what types of fines and/or penalties will be assessed for non-compliance.
The PCI sponsor banks will start penalizing the service providers that supply secure credit card processing services to all types of merchants. As the PCI DSS deadline gets closer, many merchants are finding that, if they have not become compliant, their processor may already be charging them a penalty. Generally speaking, most merchants will not act unless there is a risk of a fine or fee. If you have not received anything about this from your payment processor at this point, I would recommend that you contact them to find out what action may be needed to avoid any penalties or disruption of service come July 1. While many merchants are currently being charged a penalty for not being in compliance, others have taken all of the steps required to gain compliance. The process starts with the merchant completing a Self-Assessment Questionnaire (SAQ). The questionnaire is intended to determine a merchant's risk level. This short questionnaire can be very confusing and misleading for many merchants, especially those with multiple merchant accounts. After completing it, some merchants find that they are already compliant, while others are required to engage a company that can provide quarterly compliance scans. These services carry an average price of about $150. Some processors are working this fee into their plan pricing, while others are using PCI compliance as an opportunity to drive added revenue.
There are many providers of merchant accounts, secure payment processing and e-commerce related services. Select one that has a good grasp of these new rules. Be on the lookout for, and ask for an explanation of, any PCI related fees, and be sure to use only a service provider that understands what is required for you to be compliant. For example, if you are looking to start your own e-commerce business website, be sure that the provider is compliant themselves. An example of a PCI compliant website solutions company is www.WebplusShop.com. Not only are they PCI compliant, but they also have a good grasp of the new compliance mandates and can answer any questions you may have in this regard. They are partnered with several service providers that offer PCI compliant payment processing, as well as PCI compliance scanning companies that provide the tools to help merchants become compliant if their SAQ status determines that these scans are required. Avoiding fees and penalties is in your hands. Take the leap and become compliant before July 1, 2010.