The payments industry is set to see dramatic changes in 2018. The emergence of new technologies and consumer payment trends will push many businesses to reflect on their own PCI-DSS liability, including what’s at stake for them if a security event or breach should occur. For these companies, knowing how to reduce or limit their PCI liability is a must.
If you currently accept payments of any type, your customers want to know that their data is protected. This is where PCI comes in. Here’s a little bit about what you should know about PCI Compliance and how it’s important to your business.
What the heck is PCI-DSS?
PCI-DSS refers to the Payment Card Industry Data Security Standards Council. This council’s primary focus is to ensure that businesses that process payment card data are held to a standard set of rules and regulations that keep that card data safe from compromise.
What is a data breach or compromise?
Data breaches have many causes. A few of the more common ones are:
- Using non-secure telephony or web connections to transmit sensitive customer data
- Storing card data in non-secure environments
- Call center agents or customer service representatives writing down customer information during an interaction
Who is responsible?
According to its stringent guidelines, ALL entities involved in the processing of payment information are obligated to be PCI compliant, which can also require certain businesses to undergo a yearly PCI audit by a third-party auditor. But that’s not all. The PCI-DSS reserves the right to fine any entity that is found to fall outside of PCI-DSS, with first-time fines for non-compliance ranging from tens to hundreds of thousands of dollars. For many, this may put the entire business at stake.
What can YOU do to make sure you’re following the rules?
Outsource your PCI liability to a third party, or partner with a PCI Level 1 payment solutions provider. Many businesses find maintaining PCI liability on their own to be quite challenging and look to outsource it to a third party that is accredited and audited yearly for PCI compliance. It’s also important that businesses team up with someone who can provide the SaaS solutions necessary to keep accepting payments as they wish. Some of the most commonly seen challenges are:
- Lack of regulatory knowledge in the payments industry
- Lack of resources & risk mitigation personnel
- Too costly for their operations to maintain
Any business facing these challenges should look to outsource its liability. Doing so not only reduces PCI scope but can also open up other payment methods that align with the business’s operations, customer demographics and changing consumer trends (e.g. phone or text payments, chat-bots, web-based payment pages, social payment pages, etc.).
The Bottom Line
PCI compliance MUST be a top priority for any business that is navigating the ever-changing payment landscape in search of new, innovative ways to accept payments from their customers. Here at IVR Tech Group, we understand your role, what’s at stake, and know how to help. That’s why we offer a full suite of PCI-DSS Level-1 certified solutions known as Compass Pay.
Check out Compass Pay here.
For more information on PCI-DSS, your role & liability, you can check out the PCI website here.