What is PCI compliance & why is it important for your business?

Protecting your customers’ data should be a priority for your business, especially as you grow. If you’re taking card payments face-to-face, online, over the phone, or via email, you’ll need to understand the importance of PCI compliance and the industry regulations that impact the way you trade.

What is PCI compliance?

PCI compliance is the shortened name for PCI DSS compliance; PCI DSS is the acronym for the Payment Card Industry Data Security Standard.

PCI DSS, then, is an information security standard that is mandatory for all organisations that accept debit and credit card payments. Its purpose is to protect customers’ card data from being stolen or misused as a result of a data breach.

Who oversees PCI compliance? 

The Payment Card Industry is a global organisation, and its council oversees PCI compliance and education for merchants. The council was founded in 2006 and includes card associations such as Mastercard, Visa, Discover, American Express and JCB.

While the council provides the standards and qualifications for security, it is down to payment processors to validate these with each of their merchants. The payment processor does this with a PCI assessment form.

Who needs PCI DSS compliance?

Whether you’re a single stall owner or you run a chain of restaurants across the country, if you take card payments you will need to be PCI compliant. However, the level of compliance you will need depends on the size of your business and your annual card turnover.

Levels of PCI compliance

There are four levels of compliance. The level that your business will require is based on how many card payments you expect to take annually. 

Level 1

Merchants that process over 6 million card transactions annually.

Level 2

Merchants that process 1 to 6 million transactions annually.

Level 3

Merchants that process between 20,000 and 1 million transactions annually.

Level 4

Merchants that process fewer than 20,000 transactions annually.

Depending on the category your business falls into, you will need to obtain different PCI assessments.

Level 1 businesses must have yearly on-site reviews by an internal auditor, also known as a Qualified Security Assessor (QSA), as well as a required network scan by an approved scanning vendor. You can find a list of all of the approved scanning vendors here.

Businesses that fall into levels 2, 3 or 4 must complete the PCI DSS Self Assessment Questionnaire every year and undergo quarterly network security scans with an approved scanning vendor.

Typically, a PCI questionnaire is a lengthy and complex process, making it easy to make mistakes. When you accept cards with Dojo we take care of all of this.

Because all of our card machines use point-to-point encryption (P2PE) your PCI compliance is reduced to just two documents and two questions. Once you’ve read and understood the documents, you can become compliant from your Dojo account online or via the app. 

Why is being compliant important for your customers and your business?

It’s important for consumers to feel that they’re not at risk of identity fraud as a result of hacking when they spend money in-store or online.

Often, a secure website, secure card machines and software, and knowledge of personal data protection go a long way towards giving shoppers peace of mind.

Being PCI compliant shows your commitment to keeping your customers protected against fraud. If you lose sensitive customer data and you aren’t PCI DSS compliant, you could incur hefty fines and lose valued customers. 

How does PCI compliance work with Dojo?

If you’re not compliant, you’re putting your customers and your business at risk. You’re also at a higher risk of merchant chargebacks and can incur fees from your merchant account. 

All Dojo card machines come with point-to-point encryption (P2PE). It’s the most rigorous security standard and protects you and your customers from card fraud – protecting your reputation and giving your customers peace of mind. And because it’s so secure, becoming PCI compliant is now much simpler.

In fact, once you've read the plain English documents, there are just two questions between you and compliance. And best of all, you can fill them out on your Dojo account quickly and easily.* 

If you’re already a Dojo customer and need to complete your PCI compliance documents, visit your Dojo account here today.

New to card payments? Find out more about our Dojo card machines, with next working-day transfers and built-in P2PE security. 

To find out more about card payment security, visit our guide on 3D Secure authentication for ecommerce payments. 

*Note that, dependent upon your transaction volumes, you may need to perform additional steps as part of your PCI compliance. Please contact your Payments Consultant or Account Manager if you would like to discuss or require further information.