What Does It Mean to Be PCI Compliant?

The Payment Card Industry Data Security Standard is a worldwide information security standard drawn together by the Payment Card Industry Security Standards Council (PCI SSC). If a company is PCI compliant, it simply states that that the company meets all of the requirements that are put together by the Payment Card Industry Data Security Standard (PCI DSS) in order to maintain a protected environment for companies that process, reserve, or send out credit card information. The PCI applies to all organizations that accept credit cards or debit cards as a form of payment.

The Payment Card Industry Security Standards Council (PCI SSC) was created by five major payment card brands including American Express, Visa, Mastercard, JCB, and Discover; the focus of PCI SSC is to make security standards better by preventing credit card fraud. PCI Compliance is always progressing and therefore, has a huge effect on millions of banks, businesses, shopping carts, e-commerce, and other merchant service workers. Moreover, PCI applies to all organizations or merchants that accept credit cards or debit cards as a way of payment whether these payments are accepted online or in person.

There are four different merchant levels that are determined by transaction volume over a time span of twelve months. Although each payment card brand has their own requirements for PCI compliance levels, here is a general idea of how the levels work in regards to Visa: merchant level one includes suppliers who process over 6 million transactions per year. Level two processes 1-6 million transactions a year and level three processes 20,000 to 1 million e-commerce transactions a year. Lastly, merchant level four includes any business that process less than 20,000 e-commerce transactions a year and all other merchants who process up to one million visa transactions a year. Organizations that handle large volumes of transactions need to have their compliance assessed by a Qualified Security Assessor (QSA) while companies who handle smaller volumes, most of the time have the option of self-certification. Levels for storefront merchants and internet-merchants vary. Nonetheless, all merchants, no matter of the size, need to be PCI compliant or serious consequences can occur.

There are penalties towards merchants who are not PCI compliant including being fined between $5,000 and $100,000 a month and an increase in transaction fees. It is vital, especially for small businesses, to be aware of these consequences as they can be disastrous.

With the PCI compliance certification, HostLabs understands the importance of security best practices and data handling. As a Service Provider, HostLabs adheres to the strict guidelines imposed by the PCI council, and customers can rest assured that all their sensitive information is securely protected on their servers.