Providing excellent service is the best way to win over your customers, and a simple transaction experience can help seal the deal. But processing a credit card payment isn’t just about accepting a client’s money — it’s also about protecting the client’s payment data.
According to the Federal Trade Commission, the costs of credit card fraud have risen by more than 25% since 2013. Given those consequences, it’s no wonder that credit card processors are required to adhere to the Payment Card Industry Data Security Standard.
But what exactly does that mean, and who is ultimately responsible for a merchant’s PCI compliance?
What Are PCI Compliance Standards?
PCI standards were developed by Visa, Mastercard, Discover, and American Express in 2006. Their goal was to create standard safety regulations to improve data and payment security for all companies and their credit card processing systems.
The guidelines these companies set forth to develop include technical steps organizations must follow to ensure they handle sensitive customer data in a safe, secure way. They include recommendations to not store such data and to check (and fill) security gaps often.
Since the creation of PCI standards, however, adherence hasn’t always been stellar. Verizon’s 2018 Payment Security Report reveals that in 2017, only about half of the observed companies were fully compliant. Yikes.
PCI standards are a critical part of a credit card processor’s overall security efforts, and every processor should be up-to-date on all those standards. But, ultimately, who is responsible for PCI compliance?
The answer isn’t as clear as you might expect.
Your credit card processor is the one that must comply, but if a breach does occur, the responsibility will fall on you as the company that accepted the customer’s payment. The fallout will mainly affect your company’s reputation, and any resulting fines will be yours to pay.
That means it’s on you to research your credit card processor’s PCI compliance.
How to Achieve PCI Compliance
If you haven’t taken time to ensure that your processing system takes PCI compliance standards seriously, you could be subject to several penalties, including:
- Monthly fines of up to $10,000
- Bank reversal charges
- A strained relationship with your bank
- Invasive FTC audits
- Lawsuits from consumers and credit card companies
- Loss of client confidence — and clients themselves
- A smeared brand image
Now you don’t have to wonder why PCI compliance is important. Fortunately, achieving that compliance isn’t complicated or difficult. It just takes a few questions and some caution moving forward.
First, you should ask your credit card processor’s system administrator or customer service representatives to explain PCI compliance and what it means for your business and customers. Take note of how transparent they are in their answers and whether they’re focused on educating you or on trying to push the sale.
Then, ask them to produce a PCI compliance checklist that includes protection for card readers and other point-of-sale, or POS, systems. Investigate whether the platform stores cardholder data, and if so, why and for how long. For optimal security, it shouldn’t store any data without a valid business reason.
Schedulicity Pay Promises Compliance
With Schedulicity Pay, you can rest assured that your credit card processor consistently adheres to PCI compliance standards. We’re upfront about our security standards from the beginning, and we’re always here to help you understand what compliance means for your business.
If you’ve already signed up for our Unlimited Bookings Plus add-on, then you can access and implement Schedulicity Pay for free. In addition to PCI compliance, we offer the lowest flat rates in the industry (1.99% + 10¢ for card dip, swipe, or tap and 2.85% + 25¢ for e-commerce or keyed-in transactions). Learn more about our compliance standards, low rates, and more by speaking with one of our experts today, or get started by clicking here!