If you are a merchant who accepts credit and debit card payments you are responsible for securely storing, processing, and transmitting cardholder data. The PCI Data Security Standard (PCI DSS) is developed and maintained by the PCI Security Standards Council to provide a set of requirements for the prevention, detection and reaction to cardholder data security breaches that could affect your business.
To become PCI compliant, your business needs to implement and maintain a series of requirements that create a secure payments environment, protecting your customers and maintaining privacy for their payment card data. To certify compliance, most merchants (except extremely large ones) must complete a Self-Assessment Questionnaire (SAQ) and provide an Attestation of Compliance (AOC) annually.
The size of your business and the number and type of transactions you complete each year determine the level of compliance you must maintain and the complexity of the SAQ you must complete. Overall, there are four levels of PCI compliance.
Small businesses processing fewer than 1 million transactions per year are considered Level 4 merchants, as long as fewer than 20,000 of those transactions are classified as e-commerce (your customers enter transactions themselves on a website). If your credit card processing exceeds those levels, your business falls into a higher compliance level.
How you process your transactions is also important. There are different types of SAQ for merchants that process exclusively card-not-present MOTO (mail order/telephone order) transactions, e-commerce (web) transactions, card-present POS (Point of Sale, which includes using a swipe device on a mobile phone or tablet) transactions, or a combination of the three.
The PCI DSS comprises 12 core requirements designed to protect cardholder data wherever it is transmitted or stored. The details are highly complex, but luckily as a PaySimple merchant you don’t need to concern yourself with most of them. PaySimple is a Level 1 PCI DSS certified Service Provider, and as such simply using the PaySimple system for all your credit card processing takes care of most of the PCI requirements.
However, PaySimple can’t certify PCI Compliance for you. And, there are things you as a merchant are required to do in order to ensure that your business remains PCI Compliant. These include:
To complete PCI compliance for your business, or if you are unsure of the level of compliance you need, go through our PCI Compliance Checklist and answer the questions to the best of your knowledge.
For additional information about PCI compliance and why you need to become compliant, read our PCI Compliance FAQs.
PaySimple has a special arrangement with NPC that enables us to offer most Level 4 MOTO merchants a greatly simplified PCI Compliance program. To complete your PCI compliance certification as an NPC credit card processor customer, follow these guidelines to complete your annual PCI certification.
To complete your PCI compliance certification as a NAB credit card processor customer, use the steps outlined to complete your annual PCI certification.