Credit Card Fraud, Security and PCI Compliance

Credit card and check fraud costs consumers, merchants and financial institutions $51 billion a year.* If you already accept credit cards, or plan to, you are probably well aware of the advantages: accepting cards builds your business and gives your customers more payment options. The security of cardholder information is important to both your customers and your business.

The Payment Card Industry Data Security Standard (PCI DSS) was created by the five major credit card companies as a guideline to help business owners implement the hardware, software and procedures needed to guard sensitive credit card and personal information. PCI DSS is a set of requirements for enhancing payment account data security. PCI compliance means that your business follows the accepted best practices for preventing breaches of cardholder information and other data.

One of the most significant PCI DSS requirements is that merchants may not store magnetic-stripe data after an authorization is obtained on a credit card. So magnetic-stripe data must be purged from your records, and from any system you use, after authorization. Generally, stand-alone dial-up terminals that communicate directly with networks do not store prohibited magnetic-stripe data after authorization. However, if you use payment processing software or have a third-party provider transmit cardholder data, you need to find out about your responsibilities.

The minimum requirement to become PCI compliant is to complete a Payment Card Industry Data Security Standard Self-Assessment Questionnaire (SAQ) on an annual basis and achieve a passing score. If you electronically store cardholder information or if your processing systems have any Internet connectivity, a quarterly scan by an approved scanning vendor is also required.

How long a PCI compliance certificate remains valid depends on whether your business requires only the questionnaire or, where applicable, a scan as well. If your business requires only the questionnaire, the PCI certification is valid for one year. If your business also requires quarterly scans, the PCI certification is valid for three months, at which time your next quarterly scan will be due.

For more information on credit card acceptance and PCI compliance, please call an FDIS Representative at (800) 918-8330.