While PCI compliance might feel like one of the least exciting things to think about, it is one of the most important when it comes to accepting mobile payments for your business.
PCI compliance standards are in place to ensure the security of cardholder data. The processes you put in place are critical to ensuring your business is protected and you maintain trust with your customers.
Why is PCI Compliance Important for Your Business?
If you accept credit and debit cards, you are responsible for safely securely storing, processing, and transmitting your cardholder data.
What is PCI Compliance?
The PCI Data Security Standard (PCI DSS) is developed and maintained by the PCI Security Standards Council to provide a set of requirements for the prevention, detection and reaction to cardholder data security breaches that could impact your business.
What are PCI Compliance Requirements?
The PCI compliance requirements are a set of security standards requiring merchants that accepts credit and debit card payments to securely store, process and transmit cardholder data. They were developed as a result of widespread security breaches, specifically hackers stealing credit card data.
There are 4 compliance “levels,” broken out by how many transactions the merchant processes each year, along with the types of transactions being processed.
What are the 4 Compliance Levels?
The size of your business and the number and type of transactions you complete each year determines the level of compliance you must maintain.
There are 4 levels of PCI compliance:
- Level 1: Over 6 million card transactions per year
- Level 2: Between 1-6 million card transactions per year
- Level 3: Between 20,000 to 1 million card transactions per year
- Level 4: Fewer than 20,000 card transactions per year
Most small businesses are considered Level 4 merchants because they process fewer than 1 million transactions per year. This also means, however, that fewer than 20,000 of those transactions are classified as e-commerce (your customers enter transactions themselves on a website).
How you process your transactions is also important. There are different compliance requirements for merchants that process mail order/telephone, e-commerce (web), Point of Sale (POS) or a combination of these.
PCI Compliance and Mobile Credit Card Processing
Being PCI compliant is crucial for setting up your business for success because it allows you to securely store your customers’ payment accounts for repeat business.
Two examples:
- You manage a fitness center and collect recurring membership fees, but you’d also like to sell bottled water onsite without asking for a credit card. Just pull up the customer record on your mobile app, access the existing billing account, and add the charge to their profile.
- You’re a contractor who is charging an estimate fee, but want to continue working with the client. A linked billing system will automatically and securely keep that credit card or bank account in the system for future invoices, recurring payments, or other transactions.
PCI FAQ:
If I only process a few credit card transactions a month, do I need to certify PCI compliance?
Yes. Any company that has a merchant account for credit card processing is required to certify PCI Compliance.
If I only process ACH transactions, do I need to certify PCI compliance?
No. PCI compliance is for credit card processing only.
Why Can’t My Payment Acceptance Provider Certify PCI Compliance for Me?
PCI certification is about your company, not simply about your payment processing application. So, each company must individually certify PCI compliance with its credit card processing company directly.
PCI compliance may seem overwhelming — there are a lot of complex, technical requirements that must be met in order to secure credit card information.
The good news is that PaySimple is a Level 1 PCI DSS certified Service Provider, which means we can handle about 90% of your PCI compliance requirements. This means the steps you need to take to certify your company’s PCI Compliance are significantly reduced.
Once your business is verified as PCI Compliant, you can begin to instill compliance throughout the day-to-day activities of your business.
For helpful information on asking the right questions when choosing a Mobile Credit Card Processing partner for your business download our [Free Guide & Checklist].