The Payment Card Industry Data Security Standard (PCI DSS) can be pretty confusing. The technical details and numerous requirements can make compliance intimidating. However, establishing and maintaining compliance is incredibly important. Luckily, we’re here to help!

The technical definition of PCI is a set of requirements designed to ensure that all companies that process, store or transmit credit card information maintain a secure environment. So, that explains everything. Right?

In case you’re still a little confused, PCI DSS was basically designed to make sure that companies who accept credit cards as a form of payment handle your credit card number, and some other info stored on your credit card, safely. PCI DSS makes sure that this sensitive data cannot be stolen easily by anyone else who may try to illegally access your information. This sensitive data includes…

  • CVV2, CVC2 & CID codes
  • Expiration date
  • Full name on credit card

Needless to say, exposing this information to the wrong people can have negative consequences. In addition to seriously damaging your reputation as a business, your customers can have their bank accounts hacked or their identity compromised.

A lot of people think PCI requirements are just for companies that accept payment through their website. In fact, any business that accepts credit cards as a form of payment must be PCI DSS compliant. This includes…

  • Online transactions
  • In person transactions
  • Over the phone transactions

Even if you only take one credit card as payment, you still need to be compliant. And, if you utilize a third-party site, like PayPal or Google Checkout, you still have to be compliant.

Penalties for non-compliance:

  • Fines ranging from $5000 to $500,000 PER INCIDENT!
  • Loss of ability to process credit card payments
  • Placement on the Visa/MasterCard Terminated Merchant File (TMF) – This is really, really, bad. You most likely won’t be able to remove yourself from this list
  • Lawsuits
  • Insurance claims

Breakdown of guidelines:


Major companies with PCI DSS breaches:

Kristen S

Kristen is responsible for managing all of IVR’s marketing efforts, including all of our digital media, managing partner relationships, driving leads and generating interest in our products and services.