I ran across this video today as I was doing some research for my clients. PCI stands for 'Payment Card Industry' and there are a set of 12 standards that all merchants accepting credit cards need to abide by. Your processor should take you through an annual review of these practices to help you as the business owner stay in compliance. However, most merchants don't even know these rules exist and ultimate it's not your processor's responsibility to keep you in compliance. It's your business, know the rules!
As more and more data security and privacy legislation goes into effect, businesses become liable for some huge fines for being non-compliant. This applies to any merchant who handles any form of sensitive, personal information such as social security numbers, bank account information, birth dates, etc.
While most credit card terminals are compliant, if you have an older model, it may not be compliant anymore. One easy way to tell is to look at your receipt. Is it showing all 12 digits of your customer's credit card? If so, you need to make a change right away! Believe it or not, I still run into this sometimes.
The second big issue I run into is that the business does not have a firewall in place to prevent electronic intruders from downloading sensitive information from their computer. If your credit card terminal is plugged into an ethernet cord, you need to have a firewall protecting the transfer of information. Every time you swipe a card, your terminal encrypts the cardholder data as one layer of protection, and the firewall provides another layer of protection. Just because you have one layer of protection doesn't mean you don't need anymore. The MINIMUM protection you are REQUIRED to have by law are the 12 requirements in this video, and they include multiple layers of protection for your customer's credit card information.
Do you care if your favorite restaurant gives out your card information freely to whoever would like to take a look? You do? Then you should care how your own business handles your customer's sensitive information. It's the Golden Rule, after all.
Enjoy the video!
Matt Koren is an Independent Credit Card and Merchant Services Processor located in Portland, OR. He runs his local company, Priority Payments NW, in addition to his management consulting practice.