Author bio: Kristen Gramigna is Chief Marketing Officer for BluePay, a provider of secure payment processing. She has more than 20 years of experience in the bankcard industry in direct sales and sales management and marketing.
Most people don’t appreciate everything that must happen in order for their credit card or debit card transactions to work smoothly. All they know is they swipe, dip, or enter their card information and the transactions are completed within a moment or two.
Merchants, however, know that a complex infrastructure has to be functioning properly for those transactions to work, and that it is their responsibility to ensure it does. That infrastructure not only has to work every time, it also has to be secure enough that customers' sensitive card data is never left exposed; consumers expect their credit or debit card information to be in good hands every time they use their cards.
To make sure merchants reward that trust, the Payment Card Industry Security Standards Council publishes the PCI Data Security Standard (PCI DSS), a set of requirements that merchants must follow. Any business that accepts card payments must comply with the standard or risk severe consequences for itself and its customers.
Failure to comply with PCI DSS not only exposes merchants to fines that can exceed $100,000 a month, it can leave customers' sensitive card data exposed to cybercriminals and put those customers at risk of fraud and identity theft. Acquiring banks may also pass hefty charges and fines on to non-compliant merchants, which is one reason a data breach costs the average business approximately $4 million.
Bottom line: complying with PCI DSS is extremely important for any business that accepts card payments. However, a number of persistent myths and misunderstandings can keep a business out of compliance. For example, a business that relies on an outside vendor to process card transactions may believe that this automatically makes it compliant. It does not: outsourcing can reduce the merchant's PCI scope, but under the standard the merchant remains responsible for its own compliance and for confirming that its vendors are compliant, which in practice means keeping a list of those service providers and checking their compliance status at least annually.