Common Myths About PCI Compliance

PCI Compliance Myths

According to the Payment Card Industry, the following are the top ten PCI compliance myths about the new PCI compliance standards:

  1. One vendor and product will make us PCI compliant
  2. Outsourcing card processing makes us PCI compliant
  3. PCI compliance is an IT project
  4. PCI compliance will make us secure
  5. PCI compliance is unreasonable; it requires too much work
  6. PCI compliance requires us to hire a Qualified Security Assessor
  7. We don’t take enough credit cards to be PCI compliant
  8. We completed a SAQ so we’re PCI compliant
  9. PCI compliance makes us store cardholder data
  10. PCI compliance is too hard

1. One vendor and product will make us PCI compliant.

No one vendor can provide a single product that addresses all 12 requirements for PCI compliance; however, we are committed to doing all we can to make PCI compliance as easy as possible. All new terminals meet PCI regulations and come with PCI compliant software. When the Payment Card Industry announced the new regulations, many merchants did not have to update their terminals.

Be wary of processors who charge a PCI compliance fee at all: many processing companies have increased their prices, some by over $300, through hidden and annual fees. Click here to get started on the Self-Assessment Questionnaire required of all merchants to begin becoming PCI compliant!

2. Outsourcing card processing makes us PCI compliant.

Outsourcing your credit card processing does not automatically make a business PCI compliant; unfortunately, numerous processors do not themselves comply with the new regulations.

3. PCI compliance is an IT project

While some of the new regulations involve altering the computer systems within your company, most PCI compliance requirements describe an ongoing process that involves every aspect of business security.

4. PCI compliance will make us secure

After completing all the PCI compliance requirements, your company is secure, but only for that moment. Cyber criminals are constantly changing their techniques, probing for a weak spot in the system through which to steal information. Merchants must be diligent in preventing cardholder data theft by continually preventing, detecting, and reacting to security incidents.

5. PCI compliance is unreasonable; it requires too much work

At first, the multiple steps required to become PCI compliant can be daunting, especially for small and medium-sized businesses. Nonetheless, the regulations were developed to help protect businesses from becoming victims of cardholder data theft. Following the requirements will help secure your business and every credit card you accept as a form of payment. The time taken to become PCI compliant pales in comparison to the time, fines, and stress caused by a security breach of your credit card systems.

6. PCI compliance requires us to hire a Qualified Security Assessor

Only large corporations processing more than six million transactions a year are required to hire a Qualified Security Assessor. Small and medium-sized businesses are only required to complete the Self-Assessment Questionnaire instead of hiring a QSA. Click here to start filling out the questionnaire.

7. We don’t take enough credit cards to be PCI compliant

No matter how many credit cards you accept, every business must become PCI compliant. Click here to start the process!

8. We completed a SAQ so we’re PCI compliant

Technically, you are PCI compliant after completing the Self-Assessment Questionnaire; however, as discussed in myth #4, ongoing assessment and monitoring are required to maintain a secure system. Any change to your system can render you non-compliant instantly.

9. PCI compliance makes us store cardholder data

PCI regulations prohibit keeping the cardholder data stored on the magnetic stripe of a credit card. If necessary for business, merchants are allowed to save the information found on the front of the card, such as the name and account number. If a business needs to save this information, it must be encrypted and rendered unreadable.
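The rule above (never store magnetic stripe data; render a stored account number unreadable) can be enforced at the point where a record is written. The following is an added example, not code from this page or from any payment processor. It assumes a hypothetical `prepare_for_storage` function that sits in front of the merchant's database, refuses any record containing track 1 or track 2 stripe data, and keeps the primary account number (PAN) only in two unreadable forms that PCI DSS accepts: a truncated display value (first six and last four digits) and a keyed one-way hash for matching. The HMAC key and the sample card number are constructed for the example; a real key would live in a key-management system.

```python
import hashlib
import hmac
import re
from dataclasses import dataclass

# Constructed demo key. In production this is held by a key-management
# system and never appears in source code.
HMAC_KEY = b"demo-key-not-for-production"

# Magnetic stripe track data: track 1 starts with '%B' + PAN + '^',
# track 2 with ';' + PAN + '='. PCI DSS forbids storing either after
# authorization, so any record carrying them is rejected outright.
TRACK1_RE = re.compile(r"%B\d{13,19}\^")
TRACK2_RE = re.compile(r";\d{13,19}=")


class ProhibitedDataError(ValueError):
    """Raised when a record contains data that must never be stored."""


@dataclass(frozen=True)
class StoredCard:
    cardholder_name: str
    masked_pan: str      # first six + last four digits, middle masked
    pan_reference: str   # keyed one-way hash, usable for lookups without the PAN


def contains_track_data(value: str) -> bool:
    """True if the string looks like track 1 or track 2 stripe data."""
    return bool(TRACK1_RE.search(value) or TRACK2_RE.search(value))


def luhn_valid(pan: str) -> bool:
    """Standard Luhn check, used to catch typos before anything is stored."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Truncate to first six and last four digits; the rest is masked."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def pan_reference(pan: str, key: bytes) -> str:
    """Keyed one-way hash of the PAN (HMAC-SHA256), hex encoded."""
    return hmac.new(key, pan.encode("ascii"), hashlib.sha256).hexdigest()


def prepare_for_storage(raw_record: dict) -> StoredCard:
    """Validate a raw card record and return only the storable, unreadable form."""
    # 1. Refuse stripe data wherever it appears in the record.
    for field in raw_record.values():
        if isinstance(field, str) and contains_track_data(field):
            raise ProhibitedDataError("magnetic stripe track data must not be stored")
    # 2. The card verification code is sensitive authentication data; never store it.
    if raw_record.get("security_code"):
        raise ProhibitedDataError("card verification code must not be stored")
    # 3. Normalise and sanity-check the PAN.
    pan = re.sub(r"\D", "", raw_record["pan"])
    if not 13 <= len(pan) <= 19 or not luhn_valid(pan):
        raise ValueError("invalid primary account number")
    # 4. Keep only truncated and hashed forms; the full PAN is dropped here.
    return StoredCard(
        cardholder_name=raw_record["cardholder_name"],
        masked_pan=mask_pan(pan),
        pan_reference=pan_reference(pan, HMAC_KEY),
    )


if __name__ == "__main__":
    # Constructed sample using a well-known test card number.
    print(prepare_for_storage({"cardholder_name": "JANE DOE", "pan": "4111 1111 1111 1111"}))
```

The HMAC reference lets the merchant recognise a returning card (for refunds or fraud checks) without keeping the number itself; if the full PAN is genuinely required, it would instead be encrypted with a managed key, which is outside this example.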

10. PCI compliance is too hard

PCI compliance does take time and energy for each business to meet all the requirements; however, the protection you gain from keeping your credit card processing up to date is significant. If there is a security breach of cardholder information and the business is not compliant, Visa fines up to $500,000 per incident. Taking the time to become compliant and remaining vigilant about securing cardholder information from theft will not only protect your company in case of a security breach, but will also build your customers' trust. Click here to start the process of becoming PCI compliant!